Vulnerabilities (CVE)

Total 310019 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16348 1 Seacms 1 Seacms 2024-11-21 3.5 LOW 4.8 MEDIUM
SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name.
CVE-2018-16347 1 Gleezcms 1 Gleez Cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize.
CVE-2018-16346 1 Chemcms Project 1 Chemcms 2024-11-21 3.5 LOW 4.8 MEDIUM
ChemCMS 1.0.6 has XSS via the "setting -> website information" field.
CVE-2018-16345 1 Easycms 1 Easycms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.
CVE-2018-16344 1 Zzcms 1 Zzcms 2024-11-21 6.4 MEDIUM 7.5 HIGH
An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock.
CVE-2018-16343 1 Seacms 1 Seacms 2024-11-21 6.5 MEDIUM 7.2 HIGH
SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS.
CVE-2018-16342 1 Showdoc 1 Showdoc 2024-11-21 3.5 LOW 5.4 MEDIUM
ShowDoc v1.8.0 has XSS via a new page.
CVE-2018-16339 1 Phome 1 Empirecms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.
CVE-2018-16338 1 Auracms 1 Auracms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic.
CVE-2018-16337 1 Chshcms 1 Cscms 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.
CVE-2018-16336 3 Canonical, Debian, Exiv2 3 Ubuntu Linux, Debian Linux, Exiv2 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999.
CVE-2018-16335 2 Debian, Libtiff 2 Debian Linux, Libtiff 2024-11-21 6.8 MEDIUM 8.8 HIGH
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
CVE-2018-16334 1 Tendacn 4 Ac10, Ac10 Firmware, Ac9 and 1 more 2024-11-21 9.0 HIGH 8.8 HIGH
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.
CVE-2018-16333 1 Tendacn 10 Ac10, Ac10 Firmware, Ac15 and 7 more 2024-11-21 7.8 HIGH 7.5 HIGH
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.
CVE-2018-16332 1 Idreamsoft 1 Icms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability.
CVE-2018-16331 1 Damicms 1 Damicms 2024-11-21 6.8 MEDIUM 8.8 HIGH
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password.
CVE-2018-16330 1 Ipandao 1 Editor.md 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element.
CVE-2018-16329 1 Imagemagick 1 Imagemagick 2024-11-21 7.5 HIGH 9.8 CRITICAL
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
CVE-2018-16328 1 Imagemagick 1 Imagemagick 2024-11-21 7.5 HIGH 9.8 CRITICAL
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
CVE-2018-16327 1 Intelliants 1 Subrion 2024-11-21 3.5 LOW 4.8 MEDIUM
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration.