Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10770 | 1 Annigroup | 2 5 In 1 Xvr, 5 In 1 Xvr Firmware | 2018-06-14 | 5.0 MEDIUM | 9.8 CRITICAL |
| download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configuration (without a login) to discover the password. | |||||
| CVE-2018-10284 | 1 Adaltech | 1 G-ticket | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/mensagem.asp eve_cod parameter. | |||||
| CVE-2018-9919 | 1 Tp-shop | 1 Tp-shop | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the "down_url" URL into the "bddlj" local file if the attacker knows the backdoor "jmmy" parameter. | |||||
| CVE-2018-10283 | 1 Cliquemania | 1 Loja Virtual | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action. | |||||
| CVE-2014-2048 | 1 Owncloud | 1 Owncloud | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation. | |||||
| CVE-2018-10942 | 2 Attribute Wizard Project, Prestashop | 2 Attribute Wizard, Prestashop | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file. | |||||
| CVE-2016-10036 | 1 Jfrog | 1 Artifactory | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. | |||||
| CVE-2018-8938 | 1 Ipswitch | 1 Whatsup Gold | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server. | |||||
| CVE-2018-8939 | 1 Ipswitch | 1 Whatsup Gold | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands. | |||||
| CVE-2018-10578 | 1 Watchguard | 8 Ap100, Ap100 Firmware, Ap102 and 5 more | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an attacker to bypass validation of this field. | |||||
| CVE-2018-10544 | 1 Meross | 2 Mss110, Mss110 Firmware | 2018-06-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface. | |||||
| CVE-2018-6401 | 1 Meross | 2 Mss110, Mss110 Firmware | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an undocumented admin account with a blank password. | |||||
| CVE-2018-10734 | 1 Kongtop | 10 A303, A303 Firmware, A403 and 7 more | 2018-06-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances. | |||||
| CVE-2018-8824 | 2 Prestashop, Responsive Mega Menu Pro Project | 2 Prestashop, Responsive Mega Menu Pro | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter. | |||||
| CVE-2018-1183 | 1 Dell | 16 Emc Smis, Emc Solutions Enabler Virtual Appliance, Emc Unisphere and 13 more | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service. | |||||
| CVE-2018-10362 | 1 Phpliteadmin | 1 Phpliteadmin | 2018-06-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in the loose comparison case, PHP interprets the string as a number in scientific notation, and thus converts it to a number. After that, the comparison with '==' casts the user input (e.g., the string '200' or '0') to a number, too. Hence the attacker can login with just a '0' or a simple number he has to brute force. Strong comparison with '===' prevents the cast into numbers. | |||||
| CVE-2018-10375 | 1 Dedecms | 1 Dedecms | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is sent, but the filename ends in .php and contains PHP code. | |||||
| CVE-2018-10429 | 1 Cosmocms | 1 Cosmo | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php. | |||||
| CVE-2017-17539 | 1 Fortinet | 1 Fortiwlc | 2018-06-12 | 10.0 HIGH | 9.8 CRITICAL |
| The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell. | |||||
| CVE-2017-17540 | 1 Fortinet | 1 Fortiwlc | 2018-06-12 | 10.0 HIGH | 9.8 CRITICAL |
| The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell. | |||||
| CVE-2018-10757 | 1 Csp Mysql User Manager Project | 1 Csp Mysql User Manager | 2018-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt. | |||||
| CVE-2018-10723 | 1 Rangerstudio | 1 Directus | 2018-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql. | |||||
| CVE-2016-5257 | 1 Mozilla | 2 Firefox, Firefox Esr | 2018-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2016-5277 | 1 Mozilla | 2 Firefox, Firefox Esr | 2018-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation. | |||||
| CVE-2016-5274 | 1 Mozilla | 2 Firefox, Firefox Esr | 2018-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation. | |||||
| CVE-2016-5276 | 1 Mozilla | 2 Firefox, Firefox Esr | 2018-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute. | |||||
| CVE-2016-5270 | 1 Mozilla | 2 Firefox, Firefox Esr | 2018-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion. | |||||
| CVE-2018-10574 | 1 Bigtreecms | 1 Bigtree Cms | 2018-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files. | |||||
| CVE-2018-10740 | 1 Axublog | 1 Axublog | 2018-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file. | |||||
| CVE-2018-9302 | 1 Getcockpit | 1 Cockpit | 2018-06-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4. | |||||
| CVE-2016-10721 | 1 Partclone | 1 Partclone | 2018-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected application. | |||||
| CVE-2014-2552 | 1 Brookinsconsulting | 1 Collected Information Export | 2018-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data. | |||||
| CVE-2018-10469 | 1 B3log | 1 Symphony | 2018-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI. | |||||
| CVE-2018-9245 | 1 Ericssonlg | 1 Ipecs Nms | 2018-05-25 | 10.0 HIGH | 9.8 CRITICAL |
| The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system. | |||||
| CVE-2014-5014 | 1 Tinywebgallery | 1 Wordpress Flash Uploader | 2018-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. | |||||
| CVE-2017-12087 | 1 Tinysvcmdns Project | 1 Tinysvcmdns | 2018-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability. | |||||
| CVE-2017-17902 | 1 Kliqqi | 1 Kliqqi Cms | 2018-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI. | |||||
| CVE-2017-3774 | 2 Ibm, Lenovo | 43 Bladecenter Hs22, Bladecenter Hs23, Bladecenter Hs23e and 40 more | 2018-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption. | |||||
| CVE-2018-7761 | 1 Schneider-electric | 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more | 2018-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. | |||||
| CVE-2018-7760 | 1 Schneider-electric | 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more | 2018-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization. | |||||
| CVE-2018-8826 | 1 Asus | 26 Rt-ac1200, Rt-ac1200 Firmware, Rt-ac1750 and 23 more | 2018-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2018-7539 | 1 Appeartv | 4 Xc5000, Xc5000 Firmware, Xc5100 and 1 more | 2018-05-23 | 7.8 HIGH | 9.8 CRITICAL |
| On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088. This can lead to full compromise of the device. | |||||
| CVE-2018-10199 | 1 Mruby | 1 Mruby | 2018-05-22 | 7.5 HIGH | 9.8 CRITICAL |
| In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code. | |||||
| CVE-2014-0931 | 1 Ibm | 1 Rational Clearcase | 2018-05-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263. | |||||
| CVE-2018-10133 | 1 Pbootcms | 1 Pbootcms | 2018-05-22 | 7.5 HIGH | 9.8 CRITICAL |
| PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php. | |||||
| CVE-2017-14459 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2018-05-22 | 10.0 HIGH | 9.8 CRITICAL |
| An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution. | |||||
| CVE-2014-2294 | 1 Openwebanalytics | 1 Open Web Analytics | 2018-05-22 | 7.5 HIGH | 9.8 CRITICAL |
| Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php. | |||||
| CVE-2018-1290 | 1 Apache | 1 Fineract | 2018-05-22 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCommands of MakercheckersApiResource Class. | |||||
| CVE-2018-9284 | 1 D-link | 2 Dir-868l, Singapore Starhub Firmware | 2018-05-22 | 10.0 HIGH | 9.8 CRITICAL |
| authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code. | |||||
| CVE-2018-9126 | 1 Zldnn | 1 Dnnarticle | 2018-05-22 | 5.0 MEDIUM | 9.8 CRITICAL |
| The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI. | |||||