Search Results (357827 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-5702 | 2 Debian, Transmissionbt | 2 Debian Linux, Transmission | 2024-11-21 | N/A |
| Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack. | ||||
| CVE-2018-5701 | 1 Iolo | 1 System Shield | 2024-11-21 | N/A |
| In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003. | ||||
| CVE-2018-5700 | 1 Magicwinmail | 1 Winmail Server | 2024-11-21 | N/A |
| Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder. | ||||
| CVE-2018-5698 | 1 Wizardmac | 1 Readstat | 2024-11-21 | N/A |
| libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string. | ||||
| CVE-2018-5697 | 1 Icyphoenix | 1 Icyphoenix | 2024-11-21 | N/A |
| Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php. | ||||
| CVE-2018-5696 | 1 Ijoomla | 1 Ad Agency | 2024-11-21 | N/A |
| The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php. | ||||
| CVE-2018-5695 | 1 Wpjobboard | 1 Wpjobboard | 2024-11-21 | N/A |
| The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php. | ||||
| CVE-2018-5694 | 1 Fop2 | 1 Flash Operator Panel | 2024-11-21 | N/A |
| The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter. | ||||
| CVE-2018-5693 | 1 Linuxmagic | 1 Magicspam | 2024-11-21 | N/A |
| The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog. | ||||
| CVE-2018-5692 | 1 Piwigo | 1 Piwigo | 2024-11-21 | N/A |
| Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file. | ||||
| CVE-2018-5691 | 1 Sonicwall | 2 Analyzer, Global Management System | 2024-11-21 | N/A |
| SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. | ||||
| CVE-2018-5690 | 1 Dotclear | 1 Dotclear | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number). | ||||
| CVE-2018-5689 | 1 Dotclear | 1 Dotclear | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email. | ||||
| CVE-2018-5688 | 1 Ilias | 1 Ilias | 2024-11-21 | N/A |
| ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component. | ||||
| CVE-2018-5687 | 1 Newsbee Project | 1 Newsbee | 2024-11-21 | N/A |
| NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php. | ||||
| CVE-2018-5686 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-11-21 | 5.5 Medium |
| In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. | ||||
| CVE-2018-5685 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-11-21 | N/A |
| In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. | ||||
| CVE-2018-5684 | 1 Libav | 1 Libav | 2024-11-21 | N/A |
| In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file. | ||||
| CVE-2018-5683 | 4 Canonical, Debian, Qemu and 1 more | 11 Ubuntu Linux, Debian Linux, Qemu and 8 more | 2024-11-21 | 6.0 Medium |
| The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. | ||||
| CVE-2018-5682 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A |
| PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message. | ||||