Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18787 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. | |||||
| CVE-2018-18789 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. | |||||
| CVE-2018-18791 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. | |||||
| CVE-2018-18792 | 1 Zzcms | 1 Zzcms | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. | |||||
| CVE-2018-18197 | 1 Linuxsampler | 1 Libgig | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp. | |||||
| CVE-2018-18530 | 1 Thinkphp | 1 Thinkphp | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI. | |||||
| CVE-2018-18529 | 1 Thinkphp | 1 Thinkphp | 2018-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI. | |||||
| CVE-2018-18892 | 1 1234n | 1 Minicms | 2018-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. | |||||
| CVE-2018-12822 | 1 Adobe | 1 Digital Editions | 2018-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-7076 | 1 Hp | 1 Intelligent Management Center | 2018-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04. | |||||
| CVE-2018-18427 | 1 S-cms | 1 S-cms | 2018-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php. | |||||
| CVE-2018-18486 | 1 Phpshe | 1 Phpshe | 2018-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter. | |||||
| CVE-2018-18488 | 1 Gxlcms | 1 Gxlcms | 2018-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter. | |||||
| CVE-2018-18461 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. | |||||
| CVE-2018-15540 | 1 Agentejo | 1 Cockpit | 2018-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal. | |||||
| CVE-2018-17897 | 1 Lcds | 1 Laquis Scada | 2018-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution. | |||||
| CVE-2018-17072 | 1 Json\+\+ Project | 1 Json\+\+ | 2018-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. | |||||
| CVE-2018-17532 | 1 Teltonika | 6 Rut900, Rut900 Firmware, Rut950 and 3 more | 2018-11-30 | 10.0 HIGH | 9.8 CRITICAL |
| Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges. | |||||
| CVE-2018-15531 | 1 Javamelody Project | 1 Javamelody | 2018-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. | |||||
| CVE-2017-17479 | 1 Uclouvain | 1 Openjpeg | 2018-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | |||||
| CVE-2018-18083 | 1 Comsenz | 1 Duomicms | 2018-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing. | |||||
| CVE-2017-7862 | 1 Ffmpeg | 1 Ffmpeg | 2018-11-27 | 7.5 HIGH | 9.8 CRITICAL |
| FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. | |||||
| CVE-2018-17569 | 1 Viabtc | 1 Viabtc Exchange Server | 2018-11-26 | 7.5 HIGH | 9.8 CRITICAL |
| network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | |||||
| CVE-2018-17570 | 1 Viabtc | 1 Viabtc Exchange Server | 2018-11-26 | 7.5 HIGH | 9.8 CRITICAL |
| utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | |||||
| CVE-2015-9271 | 1 Videowhisper | 1 Video Conference | 2018-11-23 | 7.5 HIGH | 9.8 CRITICAL |
| The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905. | |||||
| CVE-2015-9272 | 1 Videowhisper | 1 Video Presentation | 2018-11-23 | 7.5 HIGH | 9.8 CRITICAL |
| The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code. | |||||
| CVE-2018-17573 | 1 Smartlogix | 1 Wp-insert | 2018-11-23 | 7.5 HIGH | 9.8 CRITICAL |
| The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html. | |||||
| CVE-2018-17440 | 1 D-link | 1 Central Wifimanager | 2018-11-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request. | |||||
| CVE-2018-11287 | 1 Qualcomm | 58 Mdm9206, Mdm9206 Firmware, Mdm9607 and 55 more | 2018-11-23 | 10.0 HIGH | 9.8 CRITICAL |
| In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, incorrect control flow implementation in Video while checking buffer sufficiency. | |||||
| CVE-2018-18075 | 1 Wikidforum Project | 1 Wikidforum | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter. | |||||
| CVE-2018-17428 | 1 Nexusfi | 1 Opac Easyweb Five | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter. | |||||
| CVE-2018-17852 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. | |||||
| CVE-2018-17831 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used. | |||||
| CVE-2018-17796 | 1 Mushroom Content Management System Project | 1 Mushroom Content Management System | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file. | |||||
| CVE-2018-17575 | 1 Swa | 1 Swa.jacad | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter. | |||||
| CVE-2018-14956 | 1 Isweb | 1 Isweb | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information. | |||||
| CVE-2018-18200 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. | |||||
| CVE-2018-18242 | 1 Youke365 | 1 Youke 365 | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86. | |||||
| CVE-2017-12574 | 1 Planex | 2 Cs-w50hd, Cs-w50hd Firmware | 2018-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted. | |||||
| CVE-2018-8856 | 1 Philips | 1 E-alert Firmware | 2018-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data. | |||||
| CVE-2018-17566 | 1 Thinkphp | 1 Thinkphp | 2018-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. | |||||
| CVE-2018-17568 | 1 Viabtc | 1 Viabtc Exchange Server | 2018-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | |||||
| CVE-2013-4451 | 1 Gitolite | 1 Gitolite | 2018-11-19 | 7.5 HIGH | 9.8 CRITICAL |
| gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs. | |||||
| CVE-2018-17552 | 1 Naviwebs | 1 Navigate Cms | 2018-11-19 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. | |||||
| CVE-2018-16974 | 1 Elefantcms | 1 Elefant | 2018-11-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist). | |||||
| CVE-2018-17126 | 1 Chshcms | 1 Cscms | 2018-11-19 | 7.5 HIGH | 9.8 CRITICAL |
| CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. | |||||
| CVE-2018-14815 | 1 Fujielectric | 2 V-server, V-server Firmware | 2018-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. | |||||
| CVE-2017-2792 | 1 Marklogic | 1 Marklogic | 2018-11-15 | 6.8 MEDIUM | 9.6 CRITICAL |
| An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability. | |||||
| CVE-2018-17379 | 1 Thephpfactory | 1 Raffle Factory | 2018-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter. | |||||
| CVE-2018-17380 | 1 Thephpfactory | 1 Article Factory Manager | 2018-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter. | |||||