Vulnerabilities (CVE)

Total 293238 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-17573 1 Smartlogix 1 Wp-insert 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html.
CVE-2018-17572 1 Influxdata 1 Influxdb 2024-11-21 3.5 LOW 4.8 MEDIUM
InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
CVE-2018-17571 1 Vanillaforums 1 Vanilla 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Vanilla before 2.6.1 allows XSS via the email field of a profile.
CVE-2018-17570 1 Viabtc 1 Viabtc Exchange Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
CVE-2018-17569 1 Viabtc 1 Viabtc Exchange Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
CVE-2018-17568 1 Viabtc 1 Viabtc Exchange Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
CVE-2018-17567 1 Jekyllrb 1 Jekyll 2024-11-21 5.0 MEDIUM 7.5 HIGH
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.
CVE-2018-17566 1 Thinkphp 1 Thinkphp 2024-11-21 7.5 HIGH 9.8 CRITICAL
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request.
CVE-2018-17565 1 Grandstream 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.
CVE-2018-17564 1 Grandstream 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device.
CVE-2018-17563 1 Grandstream 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext.
CVE-2018-17562 1 Multitech 1 Faxfinder 2024-11-21 5.0 MEDIUM 7.5 HIGH
Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points.
CVE-2018-17560 1 Teamwire 1 Teamwire 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected.
CVE-2018-17559 1 Abus 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more 2024-11-21 N/A 7.5 HIGH
Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.
CVE-2018-17558 1 Abus 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more 2024-11-21 N/A 9.8 CRITICAL
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.
CVE-2018-17556 1 Modx 1 Modx Revolution 2024-11-21 3.5 LOW 5.4 MEDIUM
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.
CVE-2018-17555 1 Commscope 2 Arris Tg2492lg-na, Arris Tg2492lg-na Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter.
CVE-2018-17553 1 Naviwebs 1 Navigate Cms 2024-11-21 6.5 MEDIUM 8.8 HIGH
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.
CVE-2018-17552 1 Naviwebs 1 Navigate Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.
CVE-2018-17542 1 Hgiga 1 Oaklouds Mailsherlock 2024-11-21 5.0 MEDIUM 4.3 MEDIUM
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.