Search Results (26989 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-9309 1 Zzcms 1 Zzcms 2024-11-21 9.8 Critical
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request.
CVE-2018-9284 1 Dlink 2 Dir-868l, Singapore Starhub Firmware 2024-11-21 9.8 Critical
authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code.
CVE-2018-9110 1 Std42 1 Elfinder 2024-11-21 9.1 Critical
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109.
CVE-2018-9109 1 Std42 1 Elfinder 2024-11-21 9.1 Critical
Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.
CVE-2018-9032 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 9.8 Critical
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.
CVE-2018-9022 1 Broadcom 1 Privileged Access Manager 2024-11-21 9.8 Critical
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
CVE-2018-9021 1 Broadcom 1 Privileged Access Manager 2024-11-21 9.8 Critical
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.
CVE-2018-9019 2 Dolibarr, Oracle 2 Dolibarr, Data Integrator 2024-11-21 9.8 Critical
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.
CVE-2018-8967 1 Zzcms 1 Zzcms 2024-11-21 9.8 Critical
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.
CVE-2018-8879 1 Asus 2 Rt-ac66u, Rt-ac66u Firmware 2024-11-21 9.8 Critical
Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id.
CVE-2018-8871 1 Deltaww 1 Tpeditor 2024-11-21 9.8 Critical
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.
CVE-2018-8865 1 Lantech 2 Ids 2102, Ids 2102 Firmware 2024-11-21 9.8 Critical
In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2018-8847 1 Eaton 2 9000x, 9000x Firmware 2024-11-21 9.8 Critical
Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.
CVE-2018-8845 1 Advantech 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more 2024-11-21 9.8 Critical
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
CVE-2018-8800 3 Debian, Opensuse, Rdesktop 3 Debian Linux, Leap, Rdesktop 2024-11-21 9.8 Critical
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
CVE-2018-8797 3 Debian, Opensuse, Rdesktop 3 Debian Linux, Leap, Rdesktop 2024-11-21 9.8 Critical
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
CVE-2018-8795 3 Debian, Opensuse, Rdesktop 3 Debian Linux, Leap, Rdesktop 2024-11-21 9.8 Critical
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
CVE-2018-8794 3 Debian, Opensuse, Rdesktop 3 Debian Linux, Leap, Rdesktop 2024-11-21 9.8 Critical
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
CVE-2018-8793 3 Debian, Opensuse, Rdesktop 3 Debian Linux, Leap, Rdesktop 2024-11-21 9.8 Critical
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
CVE-2018-8787 4 Canonical, Debian, Freerdp and 1 more 10 Ubuntu Linux, Debian Linux, Freerdp and 7 more 2024-11-21 9.8 Critical
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.