Search Results (362704 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-8972 | 1 Creditwestbank | 1 Cwcms | 2024-11-21 | N/A |
| Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters. | ||||
| CVE-2018-8971 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-11-21 | N/A |
| The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. | ||||
| CVE-2018-8970 | 1 Openbsd | 1 Libressl | 2024-11-21 | N/A |
| The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not. | ||||
| CVE-2018-8969 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 High |
| An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | ||||
| CVE-2018-8968 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 High |
| An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | ||||
| CVE-2018-8967 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request. | ||||
| CVE-2018-8966 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 High |
| An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. | ||||
| CVE-2018-8965 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 High |
| An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | ||||
| CVE-2018-8964 | 1 Libming | 1 Libming | 2024-11-21 | N/A |
| In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | ||||
| CVE-2018-8963 | 1 Libming | 1 Libming | 2024-11-21 | N/A |
| In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | ||||
| CVE-2018-8962 | 1 Libming | 1 Libming | 2024-11-21 | N/A |
| In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | ||||
| CVE-2018-8961 | 1 Libming | 1 Libming | 2024-11-21 | N/A |
| In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | ||||
| CVE-2018-8960 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | N/A |
| The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. | ||||
| CVE-2018-8957 | 1 Covercms Project | 1 Covercms | 2024-11-21 | N/A |
| CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php. | ||||
| CVE-2018-8956 | 1 Ntp | 1 Ntp | 2024-11-21 | 5.3 Medium |
| ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allows remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker. | ||||
| CVE-2018-8955 | 1 Bitdefender | 1 Gravityzone | 2024-11-21 | N/A |
| The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged. | ||||
| CVE-2018-8954 | 1 Ca | 1 Workload Control Center | 2024-11-21 | N/A |
| CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. | ||||
| CVE-2018-8953 | 1 Ca | 1 Workload Automation Ae | 2024-11-21 | N/A |
| CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to perform SQL injection via a crafted HTTP request. | ||||
| CVE-2018-8949 | 1 Misp-project | 1 Misp | 2024-11-21 | N/A |
| An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute. | ||||
| CVE-2018-8948 | 1 Misp-project | 1 Misp | 2024-11-21 | N/A |
| In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module. | ||||