Total
298726 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20611 | 1 Txjia | 1 Imcat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. | |||||
| CVE-2018-20610 | 1 Txjia | 1 Imcat | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. | |||||
| CVE-2018-20609 | 1 Txjia | 1 Imcat | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI. | |||||
| CVE-2018-20608 | 1 Txjia | 1 Imcat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. | |||||
| CVE-2018-20607 | 1 Txjia | 1 Imcat | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. | |||||
| CVE-2018-20606 | 1 Txjia | 1 Imcat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. | |||||
| CVE-2018-20605 | 1 Txjia | 1 Imcat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file. | |||||
| CVE-2018-20604 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file. | |||||
| CVE-2018-20603 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. | |||||
| CVE-2018-20602 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI. | |||||
| CVE-2018-20601 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. | |||||
| CVE-2018-20600 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. | |||||
| CVE-2018-20599 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. | |||||
| CVE-2018-20598 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| UCMS 1.4.7 has ?do=user_addpost CSRF. | |||||
| CVE-2018-20597 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. | |||||
| CVE-2018-20596 | 1 Jspxcms | 1 Jspxcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Jspxcms v9.0.0 allows SSRF. | |||||
| CVE-2018-20595 | 1 Hsweb | 1 Hsweb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful. | |||||
| CVE-2018-20594 | 1 Hsweb | 1 Hsweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java. | |||||
| CVE-2018-20593 | 2 Fedoraproject, Msweet | 2 Fedora, Mini-xml | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c. | |||||
| CVE-2018-20592 | 2 Fedoraproject, Msweet | 2 Fedora, Mini-xml | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc. | |||||