Vulnerabilities (CVE)

Total 296689 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-12998 1 Zohocorp 5 Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 2 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
CVE-2018-12997 1 Zohocorp 5 Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 2 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.
CVE-2018-12996 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.
CVE-2018-12995 1 Onefilecms 1 Onefilecms 2024-11-21 6.5 MEDIUM 8.8 HIGH
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen.
CVE-2018-12994 1 Onefilecms 1 Onefilecms 2024-11-21 6.5 MEDIUM 8.8 HIGH
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen.
CVE-2018-12993 1 Onefilecms 1 Onefilecms 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields.
CVE-2018-12992 1 Maelostore Project 1 Maelostore 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface.
CVE-2018-12990 1 Phpwcms 1 Phpwcms 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field.
CVE-2018-12989 1 Pearsonvue 2 Console 8, Iqsystem 7 2024-11-21 7.2 HIGH 6.7 MEDIUM
The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.
CVE-2018-12988 1 Greencms 1 Greencms 2024-11-21 5.0 MEDIUM 7.5 HIGH
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI.
CVE-2018-12984 1 Hycus Cms Project 1 Hycus Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials.
CVE-2018-12983 1 Podofo Project 1 Podofo 2024-11-21 6.8 MEDIUM 7.8 HIGH
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.
CVE-2018-12982 1 Podofo Project 1 Podofo 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.
CVE-2018-12981 1 Wago 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more 2024-11-21 3.5 LOW 5.4 MEDIUM
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user's browser.
CVE-2018-12980 1 Wago 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.
CVE-2018-12979 1 Wago 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.
CVE-2018-12977 1 Softexpert 1 Excellence Suite 2024-11-21 6.5 MEDIUM 8.8 HIGH
A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" section.
CVE-2018-12976 1 Godoc 1 Go Doc Dot Org 2024-11-21 7.5 HIGH 9.8 CRITICAL
In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution.
CVE-2018-12975 1 Cryptosaga 1 Cryptosaga 2024-11-21 5.0 MEDIUM 7.5 HIGH
The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages).
CVE-2018-12973 1 Opentsdb 1 Opentsdb 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI.