Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6506 | 1 Minibb | 1 Minibb | 2018-03-06 | 3.5 LOW | 4.8 MEDIUM |
| Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field. | |||||
| CVE-2018-7314 | 1 Mlwebtechnologies | 1 Prayercenter | 2018-03-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. | |||||
| CVE-2017-8984 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found. | |||||
| CVE-2018-6890 | 1 Wolfcms | 1 Wolf Cms | 2018-03-06 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3. | |||||
| CVE-2017-8981 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found. | |||||
| CVE-2017-8983 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 9.0 HIGH | 8.8 HIGH |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found. | |||||
| CVE-2018-0512 | 1 Iodata | 90 Bx-vp1, Bx-vp1 Firmware, Gv-ntx1 and 87 more | 2018-03-06 | 7.7 HIGH | 6.8 MEDIUM |
| Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-8956 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | |||||
| CVE-2017-12554 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT iMC Plat 7.3 E0504P2 and earlier was found. | |||||
| CVE-2017-8958 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 9.3 HIGH | 8.8 HIGH |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 and earlier was found. | |||||
| CVE-2018-6293 | 1 Hyland | 1 Saperion Web Client | 2018-03-06 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary File Read in Saperion Web Client version 7.5.2 83166. | |||||
| CVE-2017-12520 | 1 Hp | 1 Intelligent Management Center | 2018-03-06 | 9.0 HIGH | 8.8 HIGH |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | |||||
| CVE-2017-18179 | 1 Progress | 1 Sitefinity | 2018-03-05 | 6.5 MEDIUM | 8.8 HIGH |
| Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1. | |||||
| CVE-2017-18175 | 1 Progress | 1 Sitefinity | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1. | |||||
| CVE-2017-18178 | 1 Progress | 1 Sitefinity | 2018-03-05 | 5.8 MEDIUM | 6.1 MEDIUM |
| Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1. | |||||
| CVE-2017-18177 | 1 Progress | 1 Sitefinity | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1. | |||||
| CVE-2017-18176 | 1 Progress | 1 Sitefinity | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1. | |||||
| CVE-2017-5785 | 1 Hp | 1 Matrix Operating Environment | 2018-03-05 | 6.4 MEDIUM | 6.5 MEDIUM |
| A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found. | |||||
| CVE-2017-5783 | 1 Hp | 1 Matrix Operating Environment | 2018-03-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found. | |||||
| CVE-2017-5784 | 1 Hp | 1 Matrix Operating Environment | 2018-03-05 | 5.8 MEDIUM | 6.5 MEDIUM |
| A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found. | |||||
| CVE-2017-5781 | 1 Hp | 1 Matrix Operating Environment | 2018-03-05 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 was found. | |||||
| CVE-2017-5782 | 1 Hp | 1 Matrix Operating Environment | 2018-03-05 | 5.8 MEDIUM | 5.4 MEDIUM |
| A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found. | |||||
| CVE-2017-5780 | 1 Hp | 1 Matrix Operating Environment | 2018-03-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found. | |||||
| CVE-2017-12561 | 1 Hp | 1 Intelligent Management Center | 2018-03-05 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found. | |||||
| CVE-2017-12558 | 1 Hp | 1 Intelligent Management Center | 2018-03-05 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | |||||
| CVE-2016-8523 | 1 Hp | 1 Smart Storage Administrator | 2018-03-05 | 9.0 HIGH | 8.8 HIGH |
| A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found. | |||||
| CVE-2017-12556 | 1 Hp | 1 Intelligent Management Center | 2018-03-05 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | |||||
| CVE-2016-8522 | 1 Hp | 1 Diagnostics | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26, 9.26IP1 was found. | |||||
| CVE-2016-8521 | 1 Hp | 1 Diagnostics | 2018-03-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| A remote clickjacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26, 9.26IP1 was found. | |||||
| CVE-2016-8519 | 1 Hp | 1 Operations Orchestration | 2018-03-05 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found. | |||||
| CVE-2016-8518 | 1 Hp | 1 Systems Insight Manager | 2018-03-05 | 5.0 MEDIUM | 7.5 HIGH |
| A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | |||||
| CVE-2009-2413 | | | 2018-03-05 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2009. Notes: none. | |||||
| CVE-2016-5308 | 2 Microsoft, Symantec | 2 Windows, Client Intrusion Detection System | 2018-03-05 | 7.1 HIGH | 5.5 MEDIUM |
| The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file. | |||||
| CVE-2018-1000062 | 1 Wondercms | 1 Wondercms | 2018-03-05 | 3.5 LOW | 4.4 MEDIUM |
| WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in an attacker executing arbitrary script in an unsuspecting user's browser. This attack appears to be exploitable via a crafted SVG file. | |||||
| CVE-2016-8516 | 1 Hp | 1 Systems Insight Manager | 2018-03-05 | 5.0 MEDIUM | 7.5 HIGH |
| A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | |||||
| CVE-2016-8517 | 1 Hp | 1 Systems Insight Manager | 2018-03-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | |||||
| CVE-2018-5991 | 1 Web-dorado | 1 Form Maker | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798. | |||||
| CVE-2018-5994 | 1 Joomsky | 1 Js Jobs | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request. | |||||
| CVE-2018-6006 | 1 Joomsky | 1 Js Autoz | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter. | |||||
| CVE-2016-10007 | 1 Dotcms | 1 Dotcms | 2018-03-05 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter. | |||||
| CVE-2018-6368 | 1 Comdev | 1 Jomestate Pro | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action. | |||||
| CVE-2018-6370 | 1 Neojoomla | 1 Neorecruit | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI. | |||||
| CVE-2018-6372 | 1 Joombooking | 1 Jb Bus | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter. | |||||
| CVE-2018-6396 | 1 Google Map Landkarten Project | 1 Google Map Landkarten | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action. | |||||
| CVE-2018-6583 | 1 Quanticalabs | 1 Timetable Responsive Schedule | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request. | |||||
| CVE-2018-6585 | 1 Techjoomla | 1 Jticketing | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter. | |||||
| CVE-2018-7197 | 1 Pluck-cms | 1 Pluck | 2018-03-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL. | |||||
| CVE-2018-7313 | 1 Cwjoomla | 1 Cw Tags | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter. | |||||
| CVE-2018-7280 | 1 Ninjaforms | 1 Ninja Forms | 2018-03-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ninja Forms plugin before 3.2.14 for WordPress has XSS. | |||||
| CVE-2018-6584 | 1 Dthdevelopment | 1 Dt Register | 2018-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request. | |||||
