Total
295411 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-17881 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change. | |||||
CVE-2018-17880 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot. | |||||
CVE-2018-17879 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts. | |||||
CVE-2018-17878 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2024-11-21 | N/A | 9.8 CRITICAL |
A buffer overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via a crafted string sent to the sprintf() function. | |||||
CVE-2018-17877 | 1 Greedy599 | 1 Greedy 599 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards. | |||||
CVE-2018-17876 | 1 Web-feet | 1 Coaster Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Stored XSS vulnerability has been discovered in the v5.5.0 version of the Coaster CMS product. | |||||
CVE-2018-17875 | 1 Poly | 2 Trio 8800, Trio 8800 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors. | |||||
CVE-2018-17874 | 1 Expressionengine | 1 Expressionengine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ExpressionEngine before 4.3.5 has reflected XSS. | |||||
CVE-2018-17873 | 1 Wifiranger | 2 Wifiranger, Wifiranger Firmware | 2024-11-21 | 3.3 LOW | 8.8 HIGH |
An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account. | |||||
CVE-2018-17872 | 1 Verint | 2 Collaboration Compliance, Quality Management Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions. | |||||
CVE-2018-17871 | 1 Verint | 1 Verba Collaboration Compliance And Quality Management Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control. | |||||
CVE-2018-17870 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683. | |||||
CVE-2018-17869 | 1 Dasan | 2 H660gw, H660gw Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
DASAN H660GW devices do not implement any CSRF protection mechanism. | |||||
CVE-2018-17868 | 1 Dasan | 2 H660gw, H660gw Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. | |||||
CVE-2018-17867 | 1 Dasannetworks | 2 H660gw, H660gw Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field). | |||||
CVE-2018-17866 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. | |||||
CVE-2018-17865 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2018-17862 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2018-17861 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2018-17860 | 1 Cloudera | 1 Cdh | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1. |