ReportizFlow
Filtered by vendor
Subscriptions
Total
322276 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10760 | 1 Projectpier | 1 Projectpier | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root. | ||||
| CVE-2018-10759 | 1 Projectpier | 1 Projectpier | 2024-11-21 | 9.8 Critical |
| PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter. | ||||
| CVE-2018-10758 | 1 Datenstrom | 1 Yellow | 2024-11-21 | N/A |
| The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles. | ||||
| CVE-2018-10757 | 1 Csp Mysql User Manager Project | 1 Csp Mysql User Manager | 2024-11-21 | N/A |
| CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt. | ||||
| CVE-2018-10756 | 3 Debian, Fedoraproject, Transmissionbt | 3 Debian Linux, Fedora, Transmission | 2024-11-21 | 7.8 High |
| Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file. | ||||
| CVE-2018-10753 | 3 Debian, Fedoraproject, Moinejf | 3 Debian Linux, Fedora, Abcm2ps | 2024-11-21 | 9.8 Critical |
| Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-10752 | 1 Tagregator Project | 1 Tagregator | 2024-11-21 | N/A |
| The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action. | ||||
| CVE-2018-10751 | 1 Samsung | 1 Samsung Mobile | 2024-11-21 | N/A |
| A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463. | ||||
| CVE-2018-10750 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2024-11-21 | N/A |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | ||||
| CVE-2018-10749 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2024-11-21 | N/A |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | ||||
| CVE-2018-10748 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2024-11-21 | N/A |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | ||||
| CVE-2018-10747 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2024-11-21 | N/A |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | ||||
| CVE-2018-10746 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2024-11-21 | N/A |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | ||||
| CVE-2018-10740 | 1 Axublog | 1 Axublog | 2024-11-21 | N/A |
| Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file. | ||||
| CVE-2018-10739 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | N/A |
| An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe allows local users to bypass intended process protections, and consequently terminate process, because WM_SYSCOMMAND is not properly considered. | ||||
| CVE-2018-10738 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. | ||||
| CVE-2018-10737 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. | ||||
| CVE-2018-10736 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. | ||||
| CVE-2018-10735 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. | ||||
| CVE-2018-10734 | 1 Kongtop | 10 A303, A303 Firmware, A403 and 7 more | 2024-11-21 | N/A |
| KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances. | ||||