57960 matches found
ROOT-OS-UBUNTU-2404-CVE-2018-12930 CVE-2018-12930 in rootio-linux - Patched by Root
Root has patched CVE-2018-12930 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2018-12931 CVE-2018-12931 in rootio-linux - Patched by Root
Root has patched CVE-2018-12931 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2018-12928 CVE-2018-12928 in rootio-linux - Patched by Root
Root has patched CVE-2018-12928 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
SugarCRM 3.5.1 - Cross-Site Scripting
SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string aka a $key variable. id: CVE-2018-5715 info: name: SugarCRM 3.5.1 - Cross-Site Scripting author: edoardottt severity: medium description: SugarCRM 3.5.1 is vulnerable to cross-site...
Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/comsunwebui/help/helpwindow.jsp windowTitle parameter. id: CVE-2018-19439 info: name: Oracle Secure Global...
BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting
BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. id: CVE-2018-16139 info: name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting author:...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters. id: CVE-2018-19751 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains...
WordPress Ninja Forms <3.3.18 - Cross-Site Scripting
WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begindate, enddate, or formid parameters. This can allow an attacker to steal cookie-based authentication credentials a...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting via assets/edit/registrar-account.php. id: CVE-2018-19136 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting v...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php. id: CVE-2018-19137 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via...
LG-Ericsson iPECS NMS 30M - Local File Inclusion
Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. id: CVE-2018-15138 info: name: LG-Ericsson iPECS NMS 30M - Local File Inclusion author: 0xAkoko severity: high description: Ericsson-LG iPECS NMS 30M allows local file inclusion via...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters. id: CVE-2018-20011 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version...
FlexPaper/FlowPaper 2.3.6 - Remote Code Execution
The Publish Service in FlexPaper later renamed FlowPaper 2.3.6 allows remote code execution via setup.php and changeconfig.php. id: CVE-2018-11686 info: name: FlexPaper/FlowPaper 2.3.6 - Remote Code Execution author: iamnoooob,pdresearch,pszyszkowski severity: critical description: | The Publish...
Jorani Leave Management System 0.6.5 - Cross-Site Scripting
Persistent cross-site scripting XSS issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. id: CVE-2018-15917 info: name: Jorani Leave Management System 0.6.5 - Cross-Site Scripting author: ritikchaddha severity: medium...
Apache Tika < 1.1.8 - Header Command Injection
Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. i...
Gogs (Go Git Service) 0.11.66 - Remote Code Execution
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. id: CVE-2018-18925 info: name: Go...
Monstra CMS 3.0.4 - HTTP Header Injection
Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...
Zoho ManageEngine OpManager - SQL Injection
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...
WordPress JSmol2WP <=1.07 - Cross-Site Scripting
WordPress JSmol2WP version 1.07 and earlier is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter. id: CVE-2018-20462 info: name: WordPress JSmol2WP =1.07 - Cross-Site Scripting author: daffainfo severity: medium...
Zeit Next.js < 4.2.3 - Local File Inclusion
Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2018-6184 info: name: Zeit Next.js =4.2...