ReportizFlow
Filtered by vendor
Subscriptions
Total
322798 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16981 | 2 Debian, Nothings | 2 Debian Linux, Stb Image.h | 2024-11-21 | 8.8 High |
| stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. | ||||
| CVE-2018-16980 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
| dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters. | ||||
| CVE-2018-16979 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943. | ||||
| CVE-2018-16978 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473. | ||||
| CVE-2018-16977 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php. | ||||
| CVE-2018-16976 | 1 Gitolite | 1 Gitolite | 2024-11-21 | N/A |
| Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access. | ||||
| CVE-2018-16975 | 1 Elefantcms | 1 Elefant | 2024-11-21 | N/A |
| An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input validation in apps/designer/handlers/csspreview.php. | ||||
| CVE-2018-16974 | 1 Elefantcms | 1 Elefant | 2024-11-21 | N/A |
| An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist). | ||||
| CVE-2018-16971 | 1 Wisetail | 1 Learning Management System | 2024-11-21 | N/A |
| Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter. | ||||
| CVE-2018-16970 | 1 Wisetail | 1 Learning Management System | 2024-11-21 | N/A |
| Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter. | ||||
| CVE-2018-16969 | 1 Citrix | 1 Sharefile Storagezones Controller | 2024-11-21 | N/A |
| Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message. | ||||
| CVE-2018-16968 | 1 Citrix | 1 Sharefile Storagezones Controller | 2024-11-21 | N/A |
| Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. | ||||
| CVE-2018-16967 | 1 Filemanagerpro | 1 File Manager | 2024-11-21 | N/A |
| There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. | ||||
| CVE-2018-16966 | 1 Filemanagerpro | 1 File Manager | 2024-11-21 | N/A |
| There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. | ||||
| CVE-2018-16965 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | N/A |
| In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. | ||||
| CVE-2018-16962 | 2 Apple, Webroot | 2 Macos, Secureanywhere | 2024-11-21 | N/A |
| Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges. | ||||
| CVE-2018-16961 | 1 Buffalo | 1 Open Xdmod | 2024-11-21 | N/A |
| An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories. | ||||
| CVE-2018-16960 | 1 Buffalo | 1 Open Xdmod | 2024-11-21 | N/A |
| An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter. | ||||
| CVE-2018-16959 | 1 Oracle | 1 Webcenter Interaction | 2024-11-21 | N/A |
| An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI is synchronised with Active Directory (AD), this vulnerability can expose the account names of all AD users. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | ||||
| CVE-2018-16958 | 1 Oracle | 1 Webcenter Interaction | 2024-11-21 | N/A |
| An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is exposed to session hijacking attacks should an adversary be able to execute JavaScript in the origin of the portal installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | ||||