Search Results (358249 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7204 | 1 Giribaz | 1 File Manager | 2024-11-21 | N/A |
| inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites. | ||||
| CVE-2018-7203 | 1 Lynxtechnology | 1 Twonky Server | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. | ||||
| CVE-2018-7202 | 1 Projectsend | 1 Projectsend | 2024-11-21 | N/A |
| An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page. | ||||
| CVE-2018-7201 | 1 Projectsend | 1 Projectsend | 2024-11-21 | N/A |
| CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. | ||||
| CVE-2018-7198 | 1 Octobercms | 1 October | 2024-11-21 | N/A |
| October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. | ||||
| CVE-2018-7197 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A |
| An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL. | ||||
| CVE-2018-7196 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. | ||||
| CVE-2018-7195 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A |
| Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. | ||||
| CVE-2018-7194 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A |
| Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting. | ||||
| CVE-2018-7193 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. | ||||
| CVE-2018-7192 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. | ||||
| CVE-2018-7191 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | N/A |
| In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. | ||||
| CVE-2018-7188 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-11-21 | N/A |
| An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. | ||||
| CVE-2018-7187 | 2 Debian, Golang | 2 Debian Linux, Go | 2024-11-21 | 8.8 High |
| The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. | ||||
| CVE-2018-7186 | 2 Debian, Leptonica | 2 Debian Linux, Leptonica | 2024-11-21 | N/A |
| Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions. | ||||
| CVE-2018-7183 | 4 Canonical, Freebsd, Netapp and 1 more | 4 Ubuntu Linux, Freebsd, Element Software and 1 more | 2024-11-21 | N/A |
| Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. | ||||
| CVE-2018-7182 | 3 Canonical, Netapp, Ntp | 3 Ubuntu Linux, Element Software, Ntp | 2024-11-21 | N/A |
| The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. | ||||
| CVE-2018-7180 | 1 Saxum2003 | 1 Astro | 2024-11-21 | N/A |
| SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter. | ||||
| CVE-2018-7179 | 1 Squadmanagement Project | 1 Squadmanagement | 2024-11-21 | N/A |
| SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter. | ||||
| CVE-2018-7178 | 1 Saxum2003 | 1 Saxum Picker | 2024-11-21 | N/A |
| SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter. | ||||