Total
298674 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20576 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | |||||
CVE-2018-20575 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | |||||
CVE-2018-20574 | 1 Yaml-cpp Project | 1 Yaml-cpp | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | |||||
CVE-2018-20573 | 1 Yaml-cpp Project | 1 Yaml-cpp | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | |||||
CVE-2018-20572 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | |||||
CVE-2018-20571 | 1 Damicms | 1 Damicms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file. | |||||
CVE-2018-20570 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. | |||||
CVE-2018-20569 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | |||||
CVE-2018-20568 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | |||||
CVE-2018-20567 | 1 Douco | 1 Douphp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read. | |||||
CVE-2018-20566 | 1 Douco | 1 Douphp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. | |||||
CVE-2018-20565 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter. | |||||
CVE-2018-20564 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter. | |||||
CVE-2018-20563 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter. | |||||
CVE-2018-20562 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter. | |||||
CVE-2018-20561 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter. | |||||
CVE-2018-20560 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter. | |||||
CVE-2018-20559 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter. | |||||
CVE-2018-20558 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter. | |||||
CVE-2018-20557 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter. |