Vulnerabilities (CVE)

Total 298674 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20576 1 Orange 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware 2024-11-21 5.8 MEDIUM 5.4 MEDIUM
Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.
CVE-2018-20575 1 Orange 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.
CVE-2018-20574 1 Yaml-cpp Project 1 Yaml-cpp 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2018-20573 1 Yaml-cpp Project 1 Yaml-cpp 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2018-20572 1 Wuzhicms 1 Wuzhicms 2024-11-21 7.5 HIGH 9.8 CRITICAL
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
CVE-2018-20571 1 Damicms 1 Damicms 2024-11-21 5.0 MEDIUM 7.5 HIGH
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.
CVE-2018-20570 2 Debian, Jasper Project 2 Debian Linux, Jasper 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.
CVE-2018-20569 1 Generic Content Management System Project 1 Generic Content Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.
CVE-2018-20568 1 Generic Content Management System Project 1 Generic Content Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.
CVE-2018-20567 1 Douco 1 Douphp 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read.
CVE-2018-20566 1 Douco 1 Douphp 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page.
CVE-2018-20565 1 Douco 1 Douphp 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.
CVE-2018-20564 1 Douco 1 Douphp 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.
CVE-2018-20563 1 Douco 1 Douphp 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.
CVE-2018-20562 1 Douco 1 Douphp 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.
CVE-2018-20561 1 Douco 1 Douphp 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.
CVE-2018-20560 1 Douco 1 Douphp 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter.
CVE-2018-20559 1 Douco 1 Douphp 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.
CVE-2018-20558 1 Douco 1 Douphp 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter.
CVE-2018-20557 1 Douco 1 Douphp 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter.