Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6935 | 1 Student Profile Management System Script Project | 1 Student Profile Management System Script | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php. | |||||
| CVE-2018-6904 | 1 Car Rental Script Project | 1 Car Rental Script | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. | |||||
| CVE-2018-9330 | 1 Coremail | 1 Coremail Xt | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942. | |||||
| CVE-2018-10026 | 1 Yzmcms | 1 Yzmcms | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php. | |||||
| CVE-2018-5227 | 1 Atlassian | 1 Application Links | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link. | |||||
| CVE-2018-9155 | 1 Open-audit | 1 Open-audit | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI). | |||||
| CVE-2018-10109 | 1 Monstra | 1 Monstra | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog. | |||||
| CVE-2018-10121 | 1 Monstra | 1 Monstra | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action. | |||||
| CVE-2018-6958 | 1 Vmware | 1 Vrealize Automation | 2018-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation. | |||||
| CVE-2015-4557 | 1 Nextendweb | 1 Nextend Twitter Connect | 2018-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_button function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter. NOTE: this may overlap CVE-2015-4413. | |||||
| CVE-2015-0151 | 1 D-link | 2 Dir-815, Dir-815 Firmware | 2018-05-16 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2018-10000 | 1 Videodownloaderultimate | 1 Video Downloader | 2018-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Video Downloader professional extension before 2018-04-05 for Chrome has Universal XSS (UXSS) via vectors related to a link64_msgAddLinks event. | |||||
| CVE-2018-9993 | 1 Yunucms | 1 Yunucms | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). | |||||
| CVE-2018-6182 | 1 Mahara | 1 Mahara | 2018-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE's code stripping alone but also clean input on the server / PHP side as one can create own packets of POST data containing bad content with which to hit the server. | |||||
| CVE-2017-9838 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters). | |||||
| CVE-2017-9839 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2018-05-16 | 6.5 MEDIUM | 8.8 HIGH |
| Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). | |||||
| CVE-2017-18259 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0. | |||||
| CVE-2017-18260 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2018-05-16 | 6.5 MEDIUM | 8.8 HIGH |
| Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter). | |||||
| CVE-2018-0892 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2018-05-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0998. | |||||
| CVE-2018-0556 | 1 Buffalo | 2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware | 2018-05-16 | 8.3 HIGH | 8.8 HIGH |
| Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-0554 | 1 Buffalo | 2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware | 2018-05-16 | 8.3 HIGH | 8.8 HIGH |
| Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. | |||||
| CVE-2018-0555 | 1 Buffalo | 2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware | 2018-05-16 | 9.3 HIGH | 7.8 HIGH |
| Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file. | |||||
| CVE-2018-10201 | 1 Ncomputing | 1 Vspace Pro | 2018-05-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667. | |||||
| CVE-2017-12090 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2018-05-15 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability. | |||||
| CVE-2014-2359 | 1 Oleumtech | 4 Ad1, Ad1 Firmware, Ft1 and 1 more | 2018-05-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data. | |||||
| CVE-2018-10068 | 1 Jdownloads | 1 Jdownloads | 2018-05-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The jDownloads extension before 3.2.59 for Joomla! has XSS. | |||||
| CVE-2018-9864 | 1 Wp-livechat | 1 Wp Live Chat Support | 2018-05-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. | |||||
| CVE-2018-1000153 | 1 Jenkins | 1 Vsphere | 2018-05-15 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server ("test connection"). | |||||
| CVE-2018-6874 | 1 Auth0 | 1 Auth0.js | 2018-05-15 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled. | |||||
| CVE-2018-1282 | 1 Apache | 1 Hive | 2018-05-15 | 7.5 HIGH | 9.1 CRITICAL |
| This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation. | |||||
| CVE-2018-1284 | 1 Apache | 1 Hive | 2018-05-15 | 4.3 MEDIUM | 3.7 LOW |
| In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.server2.enable.doAs=false. | |||||
| CVE-2018-1000148 | 1 Jenkins | 1 Copy To Slave | 2018-05-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system. | |||||
| CVE-2018-9127 | 1 Botan Project | 1 Botan | 2018-05-15 | 7.5 HIGH | 9.8 CRITICAL |
| Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character. | |||||
| CVE-2018-1000142 | 1 Jenkins | 1 Github Pull Request Builder | 2018-05-15 | 2.1 LOW | 7.8 HIGH |
| An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. | |||||
| CVE-2018-9158 | 1 Axis | 2 M1033-w, M1033-w Firmware | 2018-05-15 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end. | |||||
| CVE-2018-9165 | 1 Libming | 1 Libming | 2018-05-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted SWF file. | |||||
| CVE-2018-1000143 | 1 Jenkins | 1 Github Pull Request Builder | 2018-05-15 | 2.1 LOW | 6.7 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. | |||||
| CVE-2018-1000150 | 1 Jenkins | 1 Reverse Proxy Auth | 2018-05-15 | 2.1 LOW | 3.3 LOW |
| An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users. | |||||
| CVE-2018-1000147 | 1 Perforce | 1 Perforce | 2018-05-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them | |||||
| CVE-2018-1000151 | 1 Jenkins | 1 Vsphere | 2018-05-15 | 6.8 MEDIUM | 5.6 MEDIUM |
| A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default. | |||||
| CVE-2018-9856 | 1 Kotti Project | 1 Kotti | 2018-05-15 | 6.8 MEDIUM | 8.8 HIGH |
| Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request. | |||||
| CVE-2018-9985 | 1 Metinfo | 1 Metinfo | 2018-05-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. | |||||
| CVE-2017-0362 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-15 | 6.8 MEDIUM | 8.8 HIGH |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. | |||||
| CVE-2018-3589 | 1 Qualcomm | 10 Mdm9650, Mdm9650 Firmware, Mdm9655 and 7 more | 2018-05-15 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket, which can lead to a buffer overflow when the sample buffer is copied to the logPacket buffer. | |||||
| CVE-2018-3593 | 1 Qualcomm | 50 Mdm9206, Mdm9206 Firmware, Mdm9607 and 47 more | 2018-05-15 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, repeated enable/disable eMBMS requests may result in a double free condition. | |||||
| CVE-2018-3590 | 1 Qualcomm | 28 Msm8909w, Msm8909w Firmware, Sd 205 and 25 more | 2018-05-15 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, a Use After Free condition can occur in RIL while handling requests from Android. | |||||
| CVE-2018-9156 | 1 Axis | 2 P1354, P1354 Firmware | 2018-05-15 | 7.6 HIGH | 7.5 HIGH |
| ** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality. | |||||
| CVE-2018-9157 | 1 Axis | 2 M1033-w, M1033-w Firmware | 2018-05-15 | 7.6 HIGH | 7.5 HIGH |
| ** DISPUTED ** An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality. | |||||
| CVE-2018-6849 | 1 Duckduckgo | 1 Duckduckgo | 2018-05-15 | 4.3 MEDIUM | 4.3 MEDIUM |
| In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request. | |||||
| CVE-2018-9230 | 1 Openresty | 1 Openresty | 2018-05-15 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products. NOTE: the vendor has reported that 100 parameters is an intentional default setting, but is adjustable within the API. The vendor's position is that a security-relevant misuse of the API by a WAF product is a vulnerability in the WAF product, not a vulnerability in OpenResty. | |||||