Total
315232 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14422 | 1 Sanscms | 1 Sanscms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| blog/index.php in SansCMS 0.7 has XSS via the q parameter. | |||||
| CVE-2018-14421 | 1 Seacms | 1 Seacms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF. | |||||
| CVE-2018-14420 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI. | |||||
| CVE-2018-14419 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. | |||||
| CVE-2018-14418 | 1 Msvod | 1 Msvod Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI. | |||||
| CVE-2018-14417 | 1 Softnas | 1 Cloud | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions. | |||||
| CVE-2018-14415 | 1 Icmsdev | 1 Icms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen. | |||||
| CVE-2018-14404 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxml2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. | |||||
| CVE-2018-14403 | 1 Techsmith | 1 Mp4v2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access. | |||||
| CVE-2018-14402 | 1 Axmldec Project | 1 Axmldec | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| axmldec 1.2.0 has an out-of-bounds write in the jitana::axml_parser::parse_start_namespace function in lib/jitana/util/axml_parser.cpp. | |||||
| CVE-2018-14401 | 1 Axml Parser Project | 1 Axml Parser | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an out-of-bounds read. | |||||
| CVE-2018-14399 | 1 Phpcms Project | 1 Phpcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI. | |||||
| CVE-2018-14398 | 1 Cremecrm | 1 Cremecrm | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials. | |||||
| CVE-2018-14397 | 1 Cremecrm | 1 Cremecrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. | |||||
| CVE-2018-14396 | 1 Cremecrm | 1 Cremecrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. | |||||
| CVE-2018-14395 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. | |||||
| CVE-2018-14394 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. | |||||
| CVE-2018-14392 | 1 Mybb | 1 New Threads | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The New Threads plugin before 1.2 for MyBB has XSS. | |||||
| CVE-2018-14389 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter. | |||||
| CVE-2018-14388 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. | |||||