Total
317826 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20636 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field. | |||||
| CVE-2018-20635 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | |||||
| CVE-2018-20634 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field. | |||||
| CVE-2018-20633 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | |||||
| CVE-2018-20632 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field. | |||||
| CVE-2018-20631 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file. | |||||
| CVE-2018-20630 | 1 Advance Crowdfunding Script Project | 1 Advance Crowdfunding Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | |||||
| CVE-2018-20629 | 1 Charity Donation Script Project | 1 Charity Donation Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | |||||
| CVE-2018-20628 | 1 Charity Foundation Script Project | 1 Charity Foundation Script | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | |||||
| CVE-2018-20627 | 1 Consumer Reviews Script Project | 1 Consumer Reviews Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box. | |||||
| CVE-2018-20626 | 1 Consumer Reviews Script Project | 1 Consumer Reviews Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | |||||
| CVE-2018-20621 | 1 Microvirt | 1 Memu | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Microvirt MEmu 6.0.6. The MemuService.exe service binary is vulnerable to local privilege escalation through binary planting due to insecure permissions set at install time. This allows code to be run as NT AUTHORITY/SYSTEM. | |||||
| CVE-2018-20617 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function in ok_csv.c. | |||||
| CVE-2018-20616 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c. | |||||
| CVE-2018-20615 | 4 Canonical, Haproxy, Opensuse and 1 more | 5 Ubuntu Linux, Haproxy, Leap and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. | |||||
| CVE-2018-20614 | 1 Cim Project | 1 Cim | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI. | |||||
| CVE-2018-20613 | 1 Temmoku Project | 1 Temmoku | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| TEMMOKU T1.09 Beta allows admin/user/add CSRF. | |||||
| CVE-2018-20612 | 1 Asthis | 1 Universal Website Asthis | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. | |||||
| CVE-2018-20611 | 1 Txjia | 1 Imcat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. | |||||
| CVE-2018-20610 | 1 Txjia | 1 Imcat | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. | |||||