Total: 293238 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-17573 | 1 Smartlogix | 1 Wp-insert | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html. | |||||
CVE-2018-17572 | 1 Influxdata | 1 Influxdb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
InfluxDB 0.9.5 has Reflected XSS in the Write Data module. | |||||
CVE-2018-17571 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Vanilla before 2.6.1 allows XSS via the email field of a profile. | |||||
CVE-2018-17570 | 1 Viabtc | 1 Viabtc Exchange Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | |||||
CVE-2018-17569 | 1 Viabtc | 1 Viabtc Exchange Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | |||||
CVE-2018-17568 | 1 Viabtc | 1 Viabtc Exchange Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | |||||
CVE-2018-17567 | 1 Jekyllrb | 1 Jekyll | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. | |||||
CVE-2018-17566 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. | |||||
CVE-2018-17565 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell. | |||||
CVE-2018-17564 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device. | |||||
CVE-2018-17563 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext. | |||||
CVE-2018-17562 | 1 Multitech | 1 Faxfinder | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points. | |||||
CVE-2018-17560 | 1 Teamwire | 1 Teamwire | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected. | |||||
CVE-2018-17559 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2024-11-21 | N/A | 7.5 HIGH |
Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras. | |||||
CVE-2018-17558 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2024-11-21 | N/A | 9.8 CRITICAL |
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root. | |||||
CVE-2018-17556 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action. | |||||
CVE-2018-17555 | 1 Commscope | 2 Arris Tg2492lg-na, Arris Tg2492lg-na Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter. | |||||
CVE-2018-17553 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php. | |||||
CVE-2018-17552 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. | |||||
CVE-2018-17542 | 1 Hgiga | 1 Oaklouds Mailsherlock | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
SQL Injection in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in a letgo.cgi request. |