ReportizFlow
Filtered by vendor
Subscriptions
Total
322231 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16819 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests. | ||||
| CVE-2018-16809 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
| An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. | ||||
| CVE-2018-16808 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
| An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. | ||||
| CVE-2018-16807 | 1 Bro | 1 Bro | 2024-11-21 | N/A |
| In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser. | ||||
| CVE-2018-16806 | 1 Pektron | 2 Passive Keyless Entry And Start System, Passive Keyless Entry And Start System Firmware | 2024-11-21 | N/A |
| A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two challenge/response operations, to clone a key fob within a few seconds. | ||||
| CVE-2018-16805 | 1 B3log | 1 Solo | 2024-11-21 | N/A |
| In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator. | ||||
| CVE-2018-16804 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
| An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request. | ||||
| CVE-2018-16803 | 1 Cimtechniques | 1 Cimscan | 2024-11-21 | N/A |
| In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code. | ||||
| CVE-2018-16802 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | N/A |
| An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509. | ||||
| CVE-2018-16797 | 1 Kakaocorp | 1 Potplayer | 2024-11-21 | N/A |
| A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 allows remote attackers to execute arbitrary code via a .wav file with large BytesPerSec and SamplesPerSec values, and a small Data_Chunk_Size value. | ||||
| CVE-2018-16796 | 1 Hiscout | 1 Grc Suite | 2024-11-21 | N/A |
| HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. | ||||
| CVE-2018-16795 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.8 High |
| OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file. | ||||
| CVE-2018-16794 | 1 Microsoft | 2 Active Directory Federation Services, Windows Server 2016 | 2024-11-21 | N/A |
| Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. | ||||
| CVE-2018-16793 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A |
| Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | ||||
| CVE-2018-16792 | 1 Solarwinds | 1 Sftp\/scp Server | 2024-11-21 | 9.1 Critical |
| SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data. | ||||
| CVE-2018-16791 | 1 Solarwinds | 1 Sftp\/scp Server | 2024-11-21 | N/A |
| In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server. | ||||
| CVE-2018-16789 | 1 Shellinabox Project | 1 Shellinabox | 2024-11-21 | N/A |
| libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down. | ||||
| CVE-2018-16786 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. | ||||
| CVE-2018-16785 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell | ||||
| CVE-2018-16784 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring. | ||||