69 matches found
Joomla! Component PrayerCenter 3.0.2 - SQL Injection
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. id: CVE-2018-7314 info: name: Joomla! Component PrayerCenter 3.0.2 - SQL Injection author: DhiyaneshDK severity: critical description: | SQL Injection...
Quest KACE SMA /common/run_cross_report.php 'fmt' XSS
The 'fmt' parameter of the '/common/runcrossreport.php' script in the the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. id: CVE-2018-11133 info: name: Quest KACE SMA /common/runcrossreport.php 'fmt' XSS author: iamnoooob,pdresearch severity: medium...
Intelbras NPLUG 1.0.0.14 - Authentication Bypass
Intelbras NPLUG 1.0.0.14 is vulnerable to authentication bypass through cookie manipulation. An attacker can bypass authentication by simply setting a cookie named "admin:". id: CVE-2018-12455 info: name: Intelbras NPLUG 1.0.0.14 - Authentication Bypass author: ritikchaddha severity: critical...
NagiosXI <= 5.4.12 logbook.php SQL injection
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. id: CVE-2018-10737 info: name: NagiosXI = 5.4.12 logbook.php SQL injection author: DhiyaneshDK severity: high description: | A SQL injection issue was discovered in Nagios XI before 5.4....
NagiosXI <= 5.4.12 - SQL injection
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. id: CVE-2018-10736 info: name: NagiosXI = 5.4.12 - SQL injection author: DhiyaneshDK severity: high description: | A SQL injection issue was discovered in Nagios XI before 5.4.13 via the...
Grav CMS <1.3.0 - Cross-Site Scripting
Grav CMS before 1.3.0 is vulnerable to cross-site scripting via system/src/Grav/Common/Twig/Twig.php and allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin/tools. id: CVE-2018-5233 info: name: Grav CMS 1.3.0 - Cross-Site Scripting author: pikpikcu severity:...
YzmCMS v3.6 - Cross-Site Scripting
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. id: CVE-2018-7653 info: name: YzmCMS v3.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. impact: | Attackers can execute arbitrary JavaScript in...
node-srv - Local File Inclusion
node-srv is vulnerable to local file inclusion due to lack of url validation, which allows a malicious user to read content of any file with known path. id: CVE-2018-3714 info: name: node-srv - Local File Inclusion author: madrobot severity: medium description: node-srv is vulnerable to local fil...
Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion
Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the downloadfile parameter. id: CVE-2018-6008 info: name: Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion author: daffainfo severity: high description: Joomla! Jtag Members Directory 5.3.7 is vulnerable to...
Acrolinx Server <5.2.5 - Local File Inclusion
Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability. id: CVE-2018-7719 info: name: Acrolinx Server 5.2.5 - Local File Inclusion author: 0xakoko severity: high description: | Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability. impact: |...
Atlassian Jira Confluence - Cross-Site Scripting
Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error messa...
Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting
The Oracle WebCenter Sites 11.1.1.8.0 component of Oracle Fusion Middleware is impacted by easily exploitable cross-site scripting vulnerabilities that allow high privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. id: CVE-2018-3238 info: name: Oracle Fusion...
Ruby On Rails - Local File Inclusion
Ruby On Rails is vulnerable to local file inclusion caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server. id: CVE-2018-3760 info: name: Ruby On Rails - Local File Inclusio...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar. id: CVE-2018-19752 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through 4.11.01 contains a...
CirCarLife <4.3 - Improper Authentication
CirCarLife before 4.3 is susceptible to improper authentication. A PLC status disclosure exists due to lack of authentication for /html/devstat.html. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16670 info: name: CirCarLife 4.3 -...
Oracle E-Business Suite - Blind SSRF
Oracle E-Business Suite, Application Management Pack component User Monitoring subcomponent, is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform...
Joomla! JCK Editor SQL Injection
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. id: CVE-2018-17254 info: name: Joomla! JCK Editor SQL Injection author: SumanKar severity: critical description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection vi...
Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal
Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API. id: CVE-2018-19365 info: name: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal author: 0xAkoko severity: critical...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters. id: CVE-2018-19892 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripti...
LogonTracer <=1.2.0 - Remote Command Injection
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. id: CVE-2018-16167 info: name: LogonTracer =1.2.0 - Remote Command Injection author: gy741 severity: critical description: LogonTracer 1.2.0 and earlier allows remote attackers to execu...