Search Results (359651 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7749 | 1 Asyncssh Project | 1 Asyncssh | 2024-11-21 | N/A |
| The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step. | ||||
| CVE-2018-7748 | 1 Servicenow | 1 Servicenow | 2024-11-21 | N/A |
| report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter. | ||||
| CVE-2018-7747 | 1 Calderalabs | 1 Caldera Forms | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form. | ||||
| CVE-2018-7746 | 1 Cobub | 1 Razor | 2024-11-21 | 8.8 High |
| An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin. | ||||
| CVE-2018-7745 | 1 Cobub | 1 Razor | 2024-11-21 | 7.5 High |
| An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/install/installation/createuserinfo requests, resulting in account creation. | ||||
| CVE-2018-7741 | 1 Eramba | 1 Eramba | 2024-11-21 | N/A |
| Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI. | ||||
| CVE-2018-7740 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2024-11-21 | N/A |
| The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. | ||||
| CVE-2018-7739 | 1 Antsle | 1 Antman | 2024-11-21 | N/A |
| antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the login process uses Java's ProcessBuilder class and a bash script called antsle-auth with insufficient input validation. | ||||
| CVE-2018-7737 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php. NOTE: the software maintainer disputes that this is a vulnerability | ||||
| CVE-2018-7736 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability | ||||
| CVE-2018-7735 | 1 Afian | 1 Filerun | 2024-11-21 | N/A |
| Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes request. | ||||
| CVE-2018-7734 | 1 Afian | 1 Filerun | 2024-11-21 | N/A |
| Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request. | ||||
| CVE-2018-7733 | 1 Yxtcmf | 1 Yxtcmf | 2024-11-21 | N/A |
| An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/add_post.html. | ||||
| CVE-2018-7732 | 1 Yxtcmf | 1 Yxtcmf | 2024-11-21 | N/A |
| An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html. | ||||
| CVE-2018-7731 | 2 Canonical, Exempi Project | 2 Ubuntu Linux, Exempi | 2024-11-21 | N/A |
| An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class. | ||||
| CVE-2018-7730 | 4 Canonical, Debian, Exempi Project and 1 more | 4 Ubuntu Linux, Debian Linux, Exempi and 1 more | 2024-11-21 | N/A |
| An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. | ||||
| CVE-2018-7729 | 2 Canonical, Exempi Project | 2 Ubuntu Linux, Exempi | 2024-11-21 | N/A |
| An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. | ||||
| CVE-2018-7728 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2024-11-21 | N/A |
| An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp. | ||||
| CVE-2018-7724 | 1 Piwigo | 1 Piwigo | 2024-11-21 | N/A |
| The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible. | ||||
| CVE-2018-7723 | 1 Piwigo | 1 Piwigo | 2024-11-21 | N/A |
| The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible. | ||||