Total: 291510 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2017-18492 | 1 Bestwebsoft | 1 Contact Form To Db | 2024-11-21 | N/A | The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. |
CVE-2017-18491 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | N/A | The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues. |
CVE-2017-18490 | 1 Bestwebsoft | 1 Contact Form Multi | 2024-11-21 | N/A | The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues. |
CVE-2017-18489 | 1 Mediaburst | 1 Contact Form 7 - Clockwork Sms | 2024-11-21 | N/A | The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS. |
CVE-2017-18488 | 1 Backup-guard | 1 Backup Guard | 2024-11-21 | N/A | The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues. |
CVE-2017-18487 | 1 Google Adsense Project | 1 Google Adsense | 2024-11-21 | N/A | The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues. |
CVE-2017-18486 | 1 Jitbit | 1 Helpdesk | 2024-11-21 | N/A | Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user. |
CVE-2017-18485 | 1 Elementalpath | 2 Cognitoys Dino, Cognitoys Dino Firmware | 2024-11-21 | N/A | Cognitoys Dino devices allow profiles_add.html CSRF. |
CVE-2017-18484 | 1 Elementalpath | 2 Cognitoys Dino, Cognitoys Dino Firmware | 2024-11-21 | N/A | Cognitoys Dino devices allow XSS via the SSID. |
CVE-2017-18483 | 1 Annke | 2 Sp1, Sp1 Firmware | 2024-11-21 | N/A | ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID. |
CVE-2017-18482 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213). |
CVE-2017-18481 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). |
CVE-2017-18480 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210). |
CVE-2017-18479 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). |
CVE-2017-18478 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). |
CVE-2017-18477 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). |
CVE-2017-18476 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205). |
CVE-2017-18475 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204). |
CVE-2017-18474 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201). |
CVE-2017-18473 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). |