Total
299351 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19439 | 1 Oracle | 1 Secure Global Desktop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter. | |||||
| CVE-2018-19437 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty. | |||||
| CVE-2018-19436 | 1 Weberp | 1 Weberp | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter. | |||||
| CVE-2018-19435 | 1 Weberp | 1 Weberp | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter. | |||||
| CVE-2018-19434 | 1 Weberp | 1 Weberp | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter. | |||||
| CVE-2018-19433 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. | |||||
| CVE-2018-19432 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. | |||||
| CVE-2018-19424 | 1 Clippercms | 1 Clippercms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. | |||||
| CVE-2018-19423 | 1 Codiad | 1 Codiad | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. | |||||
| CVE-2018-19422 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. | |||||
| CVE-2018-19421 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 4.0 MEDIUM | 3.8 LOW |
| In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | |||||
| CVE-2018-19420 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 4.0 MEDIUM | 3.8 LOW |
| In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | |||||
| CVE-2018-19418 | 2 Foxitsoftware, Microsoft | 2 Pdf Activex, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control. | |||||
| CVE-2018-19417 | 1 Contiki-ng | 1 Contiki-ng | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible. | |||||
| CVE-2018-19416 | 1 Sysstat Project | 1 Sysstat | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf. | |||||
| CVE-2018-19415 | 1 Plikli | 1 Plikli Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php. | |||||
| CVE-2018-19414 | 1 Plikli | 1 Plikli Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to groups.php; (2) username parameter to login.php; or (3) date parameter to search.php. | |||||
| CVE-2018-19413 | 1 Sonarsource | 1 Sonarqube | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system. | |||||
| CVE-2018-19411 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights. | |||||
| CVE-2018-19409 | 4 Artifex, Canonical, Debian and 1 more | 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. | |||||