Export limit exceeded: 364939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364939 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8437 | 1 Njiandan-cms Project | 1 Njiandan-cms | 2024-11-21 | N/A |
| njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator. | ||||
| CVE-2019-8436 | 1 Txjia | 1 Imcat | 2024-11-21 | N/A |
| imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. | ||||
| CVE-2019-8435 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. | ||||
| CVE-2019-8434 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | N/A |
| In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. | ||||
| CVE-2019-8433 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file. | ||||
| CVE-2019-8432 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | N/A |
| In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. | ||||
| CVE-2019-8429 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. | ||||
| CVE-2019-8428 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. | ||||
| CVE-2019-8427 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. | ||||
| CVE-2019-8426 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. | ||||
| CVE-2019-8425 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. | ||||
| CVE-2019-8424 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. | ||||
| CVE-2019-8423 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. | ||||
| CVE-2019-8422 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | N/A |
| A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. | ||||
| CVE-2019-8421 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | N/A |
| upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. | ||||
| CVE-2019-8419 | 1 Vnote Project | 1 Vnote | 2024-11-21 | N/A |
| VNote 2.2 has XSS via a new text note. | ||||
| CVE-2019-8418 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. | ||||
| CVE-2019-8413 | 1 Mi | 2 Mi Mix 2, Mi Mix 2 Firmware | 2024-11-21 | N/A |
| On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661). | ||||
| CVE-2019-8412 | 1 Feifeicms | 1 Feifeicms | 2024-11-21 | N/A |
| FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal. | ||||
| CVE-2019-8411 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. | ||||