Total
314534 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13010 | 1 Wstmall | 1 Wstmall | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. | |||||
| CVE-2018-13009 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (conditional on a buffer_size_longs check). | |||||
| CVE-2018-13008 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for a positive nest_level. | |||||
| CVE-2018-13007 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (not conditional on a buffer_size_longs check). | |||||
| CVE-2018-13006 | 3 Canonical, Debian, Gpac | 3 Ubuntu Linux, Debian Linux, Gpac | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump. | |||||
| CVE-2018-13005 | 3 Canonical, Debian, Gpac | 3 Ubuntu Linux, Debian Linux, Gpac | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read. | |||||
| CVE-2018-13003 | 1 Opentsdb | 1 Opentsdb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI. | |||||
| CVE-2018-13002 | 1 Weblication | 1 Cms Core \& Grid | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. The injection point is located in the Project `Title` and the execution point occurs in the `Inhaltsprojekte` output listing section. Remote attackers with privileged user accounts are able to inject their own malicious script code with a persistent attack vector to compromise user session credentials or to manipulate the affected web-application module output context. The request method to inject is POST. | |||||
| CVE-2018-13001 | 1 Sandoba | 1 Cp\ | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the `admin.php` file of the `./cpshop/` module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability is non-persistent and the request method to inject/execute is GET with the path, search, rename, or dir parameter. | |||||
| CVE-2018-13000 | 1 Anelectron | 1 Advanced Electron Forum | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges. | |||||
| CVE-2018-12999 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. | |||||
| CVE-2018-12998 | 1 Zohocorp | 5 Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. | |||||
| CVE-2018-12997 | 1 Zohocorp | 5 Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. | |||||
| CVE-2018-12996 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do. | |||||
| CVE-2018-12995 | 1 Onefilecms | 1 Onefilecms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. | |||||
| CVE-2018-12994 | 1 Onefilecms | 1 Onefilecms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. | |||||
| CVE-2018-12993 | 1 Onefilecms | 1 Onefilecms | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields. | |||||
| CVE-2018-12992 | 1 Maelostore Project | 1 Maelostore | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface. | |||||
| CVE-2018-12990 | 1 Phpwcms | 1 Phpwcms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. | |||||
| CVE-2018-12989 | 1 Pearsonvue | 2 Console 8, Iqsystem 7 | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges. | |||||