Total: 310021 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2018-16350 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. |
CVE-2018-16349 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. |
CVE-2018-16348 | 1 Seacms | 1 Seacms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name. |
CVE-2018-16347 | 1 Gleezcms | 1 Gleez Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize. |
CVE-2018-16346 | 1 Chemcms Project | 1 Chemcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | ChemCMS 1.0.6 has XSS via the "setting -> website information" field. |
CVE-2018-16345 | 1 Easycms | 1 Easycms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. |
CVE-2018-16344 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH | An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock. |
CVE-2018-16343 | 1 Seacms | 1 Seacms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS. |
CVE-2018-16342 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | ShowDoc v1.8.0 has XSS via a new page. |
CVE-2018-16339 | 1 Phome | 1 Empirecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. |
CVE-2018-16338 | 1 Auracms | 1 Auracms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. |
CVE-2018-16337 | 1 Chshcms | 1 Cscms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. |
CVE-2018-16336 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. |
CVE-2018-16335 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. |
CVE-2018-16334 | 1 Tendacn | 4 Ac10, Ac10 Firmware, Ac9 and 1 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. |
CVE-2018-16333 | 1 Tendacn | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. |
CVE-2018-16332 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. |
CVE-2018-16331 | 1 Damicms | 1 Damicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. |
CVE-2018-16330 | 1 Ipandao | 1 Editor.md | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. |
CVE-2018-16329 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. |