ReportizFlow
Filtered by vendor
Subscriptions
Total
322798 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1000653 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx. | ||||
| CVE-2018-1000652 | 1 Jabref | 1 Jabref | 2024-11-21 | N/A |
| JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This vulnerability appears to have been fixed in after commit 89f855d. | ||||
| CVE-2018-1000651 | 1 Gchq | 1 Stroom | 2024-11-21 | N/A |
| Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file. | ||||
| CVE-2018-1000650 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | N/A |
| LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters. | ||||
| CVE-2018-1000649 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | N/A |
| LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input. | ||||
| CVE-2018-1000648 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | N/A |
| LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters. | ||||
| CVE-2018-1000647 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | N/A |
| LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter. | ||||
| CVE-2018-1000646 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | N/A |
| LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution. | ||||
| CVE-2018-1000645 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | N/A |
| LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import templates function. | ||||
| CVE-2018-1000644 | 1 Eclipse | 1 Rdf4j | 2024-11-21 | N/A |
| Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file. | ||||
| CVE-2018-1000642 | 1 Flightairmap | 1 Flightairmap | 2024-11-21 | N/A |
| FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3. | ||||
| CVE-2018-1000641 | 1 Yeswiki | 1 Yeswiki | 2024-11-21 | N/A |
| YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information. | ||||
| CVE-2018-1000640 | 1 Villagedefrance | 1 Opencart-overclocked | 2024-11-21 | N/A |
| OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions and access to data, stealing session information, denial of service. This attack appear to be exploitable via Malicious input passed in GET parameter. | ||||
| CVE-2018-1000639 | 1 Latexdraw Project | 1 Latexdraw | 2024-11-21 | 9.6 Critical |
| LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appear to be exploitable via Specially crafted SVG file. | ||||
| CVE-2018-1000638 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-admin/page.php?date={payload} that can result in code injection. | ||||
| CVE-2018-1000637 | 2 Debian, Nongnu | 2 Debian Linux, Zutils | 2024-11-21 | N/A |
| zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2. | ||||
| CVE-2018-1000636 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | N/A |
| JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined behavior at jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:598 (passing NULL to memcpy as 2nd argument) results in null pointer dereference (segfault) at jerry-core/jmem/jmem-heap.c:463 that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute specially crafted javascript code. This vulnerability appears to have been fixed in after commit 87897849f6879df10e8ad68a41bf8cf507edf710. | ||||
| CVE-2018-1000635 | 1 Openmicroscopy | 1 Omero | 2024-11-21 | N/A |
| The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains a Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an Attacker gaining full administrative access to server and may be able to disable it. This vulnerability appears to have been fixed in 5.4.7. | ||||
| CVE-2018-1000634 | 1 Openmicroscopy | 1 Omero | 2024-11-21 | N/A |
| The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege restrictions logging in as a more powerful administrator. This attack appear to be exploitable via Use user administration privilege to set the password of a more powerful administrator. This vulnerability appears to have been fixed in 5.4.7. | ||||
| CVE-2018-1000633 | 1 Openmicroscopy | 1 Omero | 2024-11-21 | N/A |
| The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appear to be exploitable via an attacker reading the web server log. This vulnerability appears to have been fixed in 5.4.7. | ||||