Total
316966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19936 | 1 Printeron | 1 Printeron | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. | |||||
| CVE-2018-19935 | 2 Debian, Php | 2 Debian Linux, Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. | |||||
| CVE-2018-19934 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter. | |||||
| CVE-2018-19933 | 1 Bolt | 1 Bolt Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry. | |||||
| CVE-2018-19932 | 2 Gnu, Netapp | 3 Binutils, Cluster Data Ontap, Vasa Provider | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. | |||||
| CVE-2018-19931 | 3 Canonical, Gnu, Netapp | 3 Ubuntu Linux, Binutils, Vasa Provider | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. | |||||
| CVE-2018-19927 | 1 Zenitel | 2 Ip-stationweb, Ip-stationweb Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases. | |||||
| CVE-2018-19926 | 1 Zenitel | 2 Ip-stationweb, Ip-stationweb Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO. | |||||
| CVE-2018-19925 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter. | |||||
| CVE-2018-19924 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address. | |||||
| CVE-2018-19923 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF. | |||||
| CVE-2018-19922 | 1 Actiontec | 2 C1000a, C1000a Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request. | |||||
| CVE-2018-19921 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. | |||||
| CVE-2018-19919 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. | |||||
| CVE-2018-19917 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2018-19915 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field. | |||||
| CVE-2018-19914 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field. | |||||
| CVE-2018-19913 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field. | |||||
| CVE-2018-19911 | 1 Freeswitch | 1 Freeswitch | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used. | |||||
| CVE-2018-19908 | 1 Misp | 1 Misp | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import. | |||||