Vulnerabilities (CVE)

Total 316124 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6384 1 Nsclient 1 Nsclient\+\+ 2024-11-21 7.2 HIGH 7.8 HIGH
Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.
CVE-2018-6383 1 Monstra 1 Monstra 2024-11-21 6.5 MEDIUM 8.8 HIGH
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.
CVE-2018-6382 1 Mantisbt 1 Mantisbt 2024-11-21 2.1 LOW 3.3 LOW
** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass.
CVE-2018-6380 1 Joomla 1 Joomla\! 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.
CVE-2018-6379 1 Joomla 1 Joomla\! 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
CVE-2018-6378 1 Joomla 1 Joomla\! 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.
CVE-2018-6377 1 Joomla 1 Joomla\! 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox
CVE-2018-6376 1 Joomla 1 Joomla\! 2024-11-21 7.5 HIGH 9.8 CRITICAL
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
CVE-2018-6374 1 Pulsesecure 1 Desktop Linux Client 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.
CVE-2018-6373 1 Fastballproductions 1 Fastball 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.
CVE-2018-6372 1 Joombooking 1 Jb Bus 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.
CVE-2018-6370 1 Neojoomla 1 Neorecruit 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.
CVE-2018-6368 1 Comdev 1 Jomestate Pro 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.
CVE-2018-6367 1 Vastal 1 I-tech Buddy Zone Facebook Clone 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.
CVE-2018-6365 1 Datacomponents 1 Tsitebuilder 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.
CVE-2018-6364 1 Multilanguage Real Estate Mlm Script Project 1 Multilanguage Real Estate Mlm Script 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.
CVE-2018-6363 1 Taskrabbit Clone Project 1 Taskrabbit Clone 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.
CVE-2018-6362 1 Ehcp 1 Easy Hosting Control Panel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie.
CVE-2018-6361 1 Ehcp 1 Easy Hosting Control Panel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account.
CVE-2018-6360 2 Debian, Mpv 2 Debian Linux, Mpv 2024-11-21 6.8 MEDIUM 8.8 HIGH
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL.