Search Results (358264 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6914 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2024-11-21 | N/A |
| Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. | ||||
| CVE-2018-6913 | 3 Canonical, Debian, Perl | 3 Ubuntu Linux, Debian Linux, Perl | 2024-11-21 | N/A |
| Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. | ||||
| CVE-2018-6912 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | N/A |
| The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. | ||||
| CVE-2018-6911 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). | ||||
| CVE-2018-6910 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 7.5 High |
| DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php. | ||||
| CVE-2018-6909 | 1 Rainmachine | 1 Rainmachine Web Application | 2024-11-21 | N/A |
| A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request. | ||||
| CVE-2018-6908 | 1 Rainmachine | 4 Mini-8, Mini-8 Firmware, Touch Hd 12 and 1 more | 2024-11-21 | N/A |
| An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials. | ||||
| CVE-2018-6907 | 1 Rainmachine | 1 Rainmachine Web Application | 2024-11-21 | N/A |
| A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API. | ||||
| CVE-2018-6906 | 1 Rainmachine | 1 Rainmachine Web Application | 2024-11-21 | N/A |
| A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. | ||||
| CVE-2018-6905 | 1 Typo3 | 1 Typo3 | 2024-11-21 | N/A |
| The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. | ||||
| CVE-2018-6904 | 1 Car Rental Script Project | 1 Car Rental Script | 2024-11-21 | N/A |
| PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. | ||||
| CVE-2018-6903 | 1 Hot Scripts Clone Project | 1 Hot Scripts Clone | 2024-11-21 | N/A |
| PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code. | ||||
| CVE-2018-6902 | 1 Image Sharing Script Project | 1 Image Sharing Script | 2024-11-21 | N/A |
| PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action. | ||||
| CVE-2018-6900 | 1 Website Broker Script Project | 1 Website Broker Script | 2024-11-21 | N/A |
| PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page. | ||||
| CVE-2018-6893 | 1 Finecms | 1 Finecms | 2024-11-21 | N/A |
| controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering. | ||||
| CVE-2018-6892 | 1 Cloudme | 1 Sync | 2024-11-21 | N/A |
| An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution. | ||||
| CVE-2018-6891 | 1 Booking-wp-plugin | 1 Bookly | 2024-11-21 | 6.1 Medium |
| Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js. | ||||
| CVE-2018-6890 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3. | ||||
| CVE-2018-6889 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | N/A |
| An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability. Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction. | ||||
| CVE-2018-6888 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | N/A |
| An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from a critical flaw of Cross Site Request Forgery: using a forged HTTP request, a malicious user can lead a user to unknowingly create / delete or modify a user account due to the lack of an anti-CSRF token. | ||||