Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16454 | 1 Currency Converter Script Project | 1 Currency Converter Script | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma. | |||||
| CVE-2018-15188 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-10-09 | 5.5 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. | |||||
| CVE-2012-4430 | 2 Bacula, Debian | 2 Bacula, Debian Linux | 2018-10-09 | 4.0 MEDIUM | N/A |
| The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors. | |||||
| CVE-2005-2995 | 1 Bacula | 1 Bacula | 2018-10-09 | 3.6 LOW | N/A |
| bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in. | |||||
| CVE-2007-5626 | 1 Bacula | 1 Bacula | 2018-10-09 | 2.1 LOW | N/A |
| make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network. | |||||
| CVE-2008-5373 | 1 Bacula | 1 Bacula | 2018-10-09 | 6.9 MEDIUM | N/A |
| mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995. | |||||
| CVE-2017-15367 | 1 Bacula | 1 Bacula-web | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server. | |||||
| CVE-2018-1000605 | 1 Jenkins | 1 Collabnet | 2018-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to. | |||||
| CVE-2018-1999034 | 1 Jenkins | 1 Inedo Proget | 2018-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to. | |||||
| CVE-2016-8527 | 1 Hp | 1 Airwave | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser. | |||||
| CVE-2016-4391 | 1 Hp | 1 Arcsight Winc Connector | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0. | |||||
| CVE-2013-7464 | 1 Csrf-magic Project | 1 Csrf-magic | 2018-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. | |||||
| CVE-2018-7070 | 1 Hp | 1 Centralview Fraud Risk Management | 2018-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
| CVE-2018-12941 | 1 Seeddms | 1 Seeddms | 2018-10-09 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to the Settings functionality, to inject arbitrary system commands within the application by manipulating the "Cache directory" path. An attacker can use it to perform malicious tasks such as to extract, change, or delete sensitive information or run system commands on the underlying operating system. | |||||
| CVE-2015-1947 | 1 Ibm | 1 Infosphere Biginsights | 2018-10-09 | 6.9 MEDIUM | 7.4 HIGH |
| Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program. | |||||
| CVE-2018-1000806 | 2018-10-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-17074. Reason: This candidate is a reservation duplicate of CVE-2018-17074. Notes: All CVE users should reference CVE-2018-17074 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2018-7071 | 1 Hp | 1 Network Function Virtualization Director | 2018-10-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3. | |||||
| CVE-2018-15191 | 1 Hotel Booking Script Project | 1 Hotel Booking Script | 2018-10-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field. | |||||
| CVE-2018-15190 | 1 Hotel Booking Script Project | 1 Hotel Booking Script | 2018-10-06 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field. | |||||
| CVE-2018-15189 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. | |||||
| CVE-2018-14503 | 1 Coremail | 1 Coremail Xt | 2018-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | |||||
| CVE-2018-14837 | 1 Wolfcms | 1 Wolf Cms | 2018-10-05 | 3.5 LOW | 4.8 MEDIUM |
| Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI. | |||||
| CVE-2018-15187 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-10-05 | 6.0 MEDIUM | 8.0 HIGH |
| PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. | |||||
| CVE-2018-1999035 | 1 Jenkins | 1 Inedo Buildmaster | 2018-10-05 | 5.8 MEDIUM | 7.4 HIGH |
| A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to. | |||||
| CVE-2018-14581 | 1 Red-gate | 2 .net Reflector, Smartassembly | 2018-10-05 | 6.8 MEDIUM | 7.8 HIGH |
| Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file. | |||||
| CVE-2016-4405 | 1 Hp | 1 Business Service Management | 2018-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26 | |||||
| CVE-2017-13652 | 1 Netapp | 1 Oncommand Insight | 2018-10-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface. | |||||
| CVE-2016-4392 | 1 Hp | 1 Business Service Management | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. | |||||
| CVE-2018-15182 | 1 Car Rental Script Project | 1 Car Rental Script | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. | |||||
| CVE-2018-15130 | 1 Thinksaas | 1 Thinksaas | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. | |||||
| CVE-2017-16349 | 1 Sap | 1 Business Planning And Consolidation | 2018-10-05 | 5.5 MEDIUM | 8.1 HIGH |
| An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability. | |||||
| CVE-2016-4398 | 1 Hp | 1 Network Node Manager I | 2018-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization. | |||||
| CVE-2017-8990 | 1 Hp | 1 Imc Wireless Service Manager | 2018-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version. | |||||
| CVE-2018-7748 | 1 Servicenow | 1 Servicenow | 2018-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter. | |||||
| CVE-2018-3924 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2018-10-05 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2018-3939 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2018-10-05 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2017-8991 | 1 Hp | 1 Centralview Fraud Risk Management | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
| CVE-2018-7075 | 1 Hp | 1 Intelligent Management Center | 2018-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version. | |||||
| CVE-2018-15129 | 1 Thinksaas | 1 Thinksaas | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. | |||||
| CVE-2018-15168 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. | |||||
| CVE-2018-15169 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. | |||||
| CVE-2018-15177 | 1 Gxlcms | 1 Gxlcms | 2018-10-05 | 6.8 MEDIUM | 8.8 HIGH |
| In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. | |||||
| CVE-2016-4403 | 1 Hp | 1 Keyview | 2018-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption. | |||||
| CVE-2016-4404 | 1 Hp | 1 Keyview | 2018-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation issue. | |||||
| CVE-2016-4402 | 1 Hp | 1 Keyview | 2018-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via buffer overflow. | |||||
| CVE-2016-4397 | 1 Hp | 1 Network Node Manager I | 2018-10-05 | 4.6 MEDIUM | 7.8 HIGH |
| A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software. | |||||
| CVE-2018-7078 | 1 Hp | 3 Integrated Lights-out, Integrated Lights-out 4 Firmware, Integrated Lights-out 5 Firmware | 2018-10-05 | 9.0 HIGH | 7.2 HIGH |
| A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. | |||||
| CVE-2018-7092 | 1 Hp | 1 Intelligent Management Center | 2018-10-05 | 6.4 MEDIUM | 7.5 HIGH |
| A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion. | |||||
| CVE-2018-15178 | 1 Gogs | 1 Gogs | 2018-10-05 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go. | |||||
| CVE-2018-15193 | 1 Gogs | 1 Gogs | 2018-10-05 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link. | |||||