Search Results (359547 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7745 | 1 Cobub | 1 Razor | 2024-11-21 | 7.5 High |
| An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/install/installation/createuserinfo requests, resulting in account creation. | ||||
| CVE-2018-7741 | 1 Eramba | 1 Eramba | 2024-11-21 | N/A |
| Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI. | ||||
| CVE-2018-7740 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2024-11-21 | N/A |
| The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. | ||||
| CVE-2018-7739 | 1 Antsle | 1 Antman | 2024-11-21 | N/A |
| antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the login process uses Java's ProcessBuilder class and a bash script called antsle-auth with insufficient input validation. | ||||
| CVE-2018-7737 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php. NOTE: the software maintainer disputes that this is a vulnerability. | ||||
| CVE-2018-7736 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability. | ||||
| CVE-2018-7735 | 1 Afian | 1 Filerun | 2024-11-21 | N/A |
| Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes request. | ||||
| CVE-2018-7734 | 1 Afian | 1 Filerun | 2024-11-21 | N/A |
| Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request. | ||||
| CVE-2018-7733 | 1 Yxtcmf | 1 Yxtcmf | 2024-11-21 | N/A |
| An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/add_post.html. | ||||
| CVE-2018-7732 | 1 Yxtcmf | 1 Yxtcmf | 2024-11-21 | N/A |
| An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html. | ||||
| CVE-2018-7731 | 2 Canonical, Exempi Project | 2 Ubuntu Linux, Exempi | 2024-11-21 | N/A |
| An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class. | ||||
| CVE-2018-7730 | 4 Canonical, Debian, Exempi Project and 1 more | 4 Ubuntu Linux, Debian Linux, Exempi and 1 more | 2024-11-21 | N/A |
| An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. | ||||
| CVE-2018-7729 | 2 Canonical, Exempi Project | 2 Ubuntu Linux, Exempi | 2024-11-21 | N/A |
| An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. | ||||
| CVE-2018-7728 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2024-11-21 | N/A |
| An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp. | ||||
| CVE-2018-7724 | 1 Piwigo | 1 Piwigo | 2024-11-21 | N/A |
| The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible. | ||||
| CVE-2018-7723 | 1 Piwigo | 1 Piwigo | 2024-11-21 | N/A |
| The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible. | ||||
| CVE-2018-7722 | 1 Piwigo | 1 Piwigo | 2024-11-21 | N/A |
| The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible. | ||||
| CVE-2018-7721 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. | ||||
| CVE-2018-7720 | 1 Cobub | 1 Razor | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation. | ||||
| CVE-2018-7719 | 2 Acrolinx, Microsoft | 2 Acrolinx Server, Windows | 2024-11-21 | N/A |
| Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. | ||||