Total: 322137 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10235 | 1 Poscms | 1 Poscms | 2024-11-21 | N/A |
| POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and write this code into the api/ucsso/config.php file. | ||||
| CVE-2018-10234 | 1 Ultimatemember | 1 User Profile & Membership | 2024-11-21 | N/A |
| Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page. | ||||
| CVE-2018-10233 | 1 Ultimatemember | 1 User Profile & Membership | 2024-11-21 | N/A |
| The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin. | ||||
| CVE-2018-10232 | 1 Topdesk | 1 Topdesk | 2024-11-21 | 6.5 Medium |
| Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to hijack the authentication of authenticated users for requests that can obtain sensitive information via unspecified vectors. | ||||
| CVE-2018-10231 | 1 Topdesk | 1 Topdesk | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2018-10230 | 1 Zend | 1 Zend Server | 2024-11-21 | N/A |
| Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. | ||||
| CVE-2018-10229 | 3 Google, Lg, Mozilla | 3 Chrome, Nexus 5, Firefox | 2024-11-21 | N/A |
| A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. | ||||
| CVE-2018-10228 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI. | ||||
| CVE-2018-10227 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. | ||||
| CVE-2018-10225 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | N/A |
| thinkphp 3.1.3 has SQL Injection via the index.php s parameter. | ||||
| CVE-2018-10224 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html. | ||||
| CVE-2018-10223 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html. | ||||
| CVE-2018-10222 | 1 Icmsdev | 1 Icms | 2024-11-21 | N/A |
| An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP. | ||||
| CVE-2018-10221 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A |
| An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload. | ||||
| CVE-2018-10220 | 1 Mushmush | 1 Glastopf | 2024-11-21 | N/A |
| Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation | ||||
| CVE-2018-10219 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | N/A |
| baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request. | ||||
| CVE-2018-10205 | 1 Hyper | 1 Hyperstart | 2024-11-21 | N/A |
| hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker. | ||||
| CVE-2018-10204 | 1 Purevpn | 1 Purevpn | 2024-11-21 | N/A |
| PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at %PROGRAMDATA%\purevpn\config\config.ovpn. This file allows "Write" permissions to users in the "Everyone" group. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM account. | ||||
| CVE-2018-10201 | 1 Ncomputing | 1 Vspace Pro | 2024-11-21 | N/A |
| An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667. | ||||
| CVE-2018-10199 | 1 Mruby | 1 Mruby | 2024-11-21 | N/A |
| In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code. | ||||