ReportizFlow
Filtered by vendor
Subscriptions
Total
322798 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1000526 | 1 Openpsa2 | 1 Openpsa | 2024-11-21 | N/A |
| Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulnerability appears to have been fixed in after commit 4974a26. | ||||
| CVE-2018-1000525 | 1 Openpsa2 | 1 Openpsa | 2024-11-21 | N/A |
| openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This vulnerability appears to have been fixed in after commit 097eae0. | ||||
| CVE-2018-1000524 | 1 Spheredev | 1 Minisphere | 2024-11-21 | N/A |
| miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote denial of service. This attack appear to be exploitable via the victim must load a specially-crafted map which calls SetLayerSize in its entry script. This vulnerability appears to have been fixed in 5.0.3, 5.1.5, 5.2.10 and later. | ||||
| CVE-2018-1000523 | 1 Topydo | 1 Topydo | 2024-11-21 | N/A |
| topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attack appear to be exploitable via The victim must open a todo.txt with at least one specially crafted line.. | ||||
| CVE-2018-1000521 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | N/A |
| BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. This attack appear to be exploitable via no. This vulnerability appears to have been fixed in after commit b652cfdc14d0670c81ac4401ad5a04376745c279. | ||||
| CVE-2018-1000520 | 1 Arm | 1 Mbed Tls | 2024-11-21 | N/A |
| ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted.. | ||||
| CVE-2018-1000518 | 1 Websockets Project | 1 Websockets | 2024-11-21 | 7.5 High |
| aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5. | ||||
| CVE-2018-1000516 | 1 Galaxyproject | 1 Galaxy | 2024-11-21 | N/A |
| The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting (XSS) attacks. In this form of attack, a malicious person can create a URL which, when opened by a Galaxy user or administrator, would allow the malicious user to execute arbitrary Javascript. that can result in Arbitrary JavaScript code execution. This attack appear to be exploitable via The victim must interact with component on page witch contains injected JavaScript code.. This vulnerability appears to have been fixed in v14.10.1, v15.01. | ||||
| CVE-2018-1000515 | 1 News-articles Project | 1 News-articles | 2024-11-21 | N/A |
| ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server.. | ||||
| CVE-2018-1000514 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | N/A |
| LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x. | ||||
| CVE-2018-1000513 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | N/A |
| LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x. | ||||
| CVE-2018-1000512 | 1 Tooltipy Project | 1 Tooltipy | 2024-11-21 | N/A |
| Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1. | ||||
| CVE-2018-1000511 | 1 Wpulike | 1 Ulike | 2024-11-21 | N/A |
| WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2. | ||||
| CVE-2018-1000510 | 1 Silkypress | 1 Image Zoom | 2024-11-21 | N/A |
| WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of service. This attack appear to be exploitable via Can be triggered intentionally (or unintentionally via CSRF) by any logged in user. This vulnerability appears to have been fixed in 1.24. | ||||
| CVE-2018-1000509 | 1 Redirection | 1 Redirection | 2024-11-21 | N/A |
| Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. This vulnerability appears to have been fixed in 2.8. | ||||
| CVE-2018-1000508 | 1 Wpulike | 1 Ulike | 2024-11-21 | N/A |
| WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen that can result in allows unauthorised users to do almost anything an admin can. This attack appear to be exploitable via Admin must visit logs page. This vulnerability appears to have been fixed in 3.2. | ||||
| CVE-2018-1000507 | 1 Jjj | 1 Wp User Groups | 2024-11-21 | N/A |
| WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appear to be exploitable via Admin must click on link. This vulnerability appears to have been fixed in 2.1.1. | ||||
| CVE-2018-1000506 | 1 Mediaron | 1 Metronet Tag Manager | 2024-11-21 | N/A |
| Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appear to be exploitable via Logged in user must follow a link. This vulnerability appears to have been fixed in 1.2.9. | ||||
| CVE-2018-1000505 | 1 Tooltipy | 1 Tooltipy | 2024-11-21 | N/A |
| Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1. | ||||
| CVE-2018-1000504 | 1 Redirection | 1 Redirection | 2024-11-21 | N/A |
| Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be exploitable via Attacker must be have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8. | ||||