Search Results (26989 CVEs found)

CVE | Vendors (count, then names) | Products (count, then names) | Updated | CVSS v3.1 (base score, severity)
Vendor and product lists are truncated with "and N more" once they get long; the CVE description follows on the line after each row.
CVE-2018-19725 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more 2024-11-21 9.8 Critical
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2018-19365 1 Wowza 1 Streaming Engine 2024-11-21 9.1 Critical
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specially crafted HTTP request.
CVE-2018-19355 2 Mypresta, Prestashop 2 Customer Files Upload, Prestashop 2024-11-21 9.8 Critical
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles).
CVE-2018-19276 1 Openmrs 1 Openmrs 2024-11-21 9.8 Critical
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
CVE-2018-19025 1 Juuko 2 K-808, K-808 Firmware 2024-11-21 9.8 Critical
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.).
CVE-2018-1999019 1 Chamilo 1 Chamilo Lms 2024-11-21 9.8 Critical
Chamilo LMS version 11.x contains an unserialization vulnerability in the "hash" GET parameter of the API endpoint located at /webservices/api/v2.php that can result in unauthenticated remote code execution. The attack appears to be exploitable via a simple GET request to the API endpoint. This vulnerability appears to have been fixed after commit 0de84700648f098c1fbf6b807dee28ec640efe62.
CVE-2018-18805 1 Pointofsales Project 1 Pointofsales 2024-11-21 9.8 Critical
Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
CVE-2018-18761 1 Saltos 1 Saltos 2024-11-21 9.8 Critical
SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.
CVE-2018-18755 1 K-iwi 1 K-iwi 2024-11-21 9.8 Critical
K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter.
CVE-2018-18571 1 Citrix 1 Xenmobile Server 2024-11-21 9.1 Critical
An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
CVE-2018-18556 1 Vyos 1 Vyos 2024-11-21 9.9 Critical
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration allows operator users to execute the pppd binary with elevated (sudo) permissions, and certain pppd input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage its improper input validation to spawn an attacker-controlled shell with root privileges.
CVE-2018-18439 1 Denx 1 U-boot 2024-11-21 9.8 Critical
DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.
CVE-2018-18084 1 Comsenz 1 Duomicms 2024-11-21 9.8 Critical
An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter.
CVE-2018-18009 1 Dlink 4 Dir-140l, Dir-140l Firmware, Dir-640l and 1 more 2024-11-21 9.8 Critical
dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials.
CVE-2018-18007 1 Dlink 2 Dsl-2770l, Dsl-2770l Firmware 2024-11-21 9.8 Critical
atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials.
CVE-2018-17988 1 Layerbb 1 Layerbb 2024-11-21 9.8 Critical
LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.
CVE-2018-17963 4 Canonical, Debian, Qemu and 1 more 8 Ubuntu Linux, Debian Linux, Qemu and 5 more 2024-11-21 9.8 Critical
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-17954 1 Suse 2 Openstack Cloud, Openstack Cloud Crowbar 2024-11-21 9.3 Critical
An Improper Privilege Management vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8 and SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar-managed node to become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.
CVE-2018-17932 1 Juuko 2 K-800, K-800 Firmware 2024-11-21 9.8 Critical
JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running.
CVE-2018-17930 1 Teledynedalsa 1 Sherlock 2024-11-21 9.8 Critical
A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution.
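The login and parameter SQL injections in this listing (CVE-2018-18805, CVE-2018-18761, CVE-2018-18755, CVE-2018-18084 and CVE-2018-17988) all come down to user input pasted into a query string. The block below is an added example, not code from any of those projects: it seeds a throwaway SQLite users table with constructed accounts, runs two classic bypass payloads of the `user=[SQL]` kind against a string-built login query, and shows that the same payloads match nothing once the query binds its parameters. The table layout and account names are assumptions for the demo.

```python
import sqlite3

# Constructed sample accounts; not drawn from any product on the page.
SAMPLE_USERS = [
    ("admin", "correct horse battery staple"),
    ("operator", "hunter2"),
]


def fresh_db():
    """In-memory SQLite database seeded with the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, user, password):
    """Query built by string formatting: the pattern behind the listed
    'action=login&...&user=[SQL]' bugs. Returns the matched user name or None."""
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (user, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, user, password):
    """Same lookup with bound parameters: the input stays data, never SQL."""
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (user, password),
    ).fetchone()
    return row[0] if row else None


# Two classic login-bypass payloads for the user field; the password is junk.
COMMENT_OUT = "admin' -- "      # closes the string, comments out the password check
TAUTOLOGY = "x' OR 1=1 -- "     # matches every row; the first row (admin) wins


def demo():
    """Run both payloads against both implementations and report who logged in."""
    conn = fresh_db()
    return {
        "vuln_legit":   login_vulnerable(conn, "admin", "correct horse battery staple"),
        "vuln_comment": login_vulnerable(conn, COMMENT_OUT, "junk"),
        "vuln_taut":    login_vulnerable(conn, TAUTOLOGY, "junk"),
        "safe_legit":   login_safe(conn, "admin", "correct horse battery staple"),
        "safe_comment": login_safe(conn, COMMENT_OUT, "junk"),
        "safe_taut":    login_safe(conn, TAUTOLOGY, "junk"),
    }


if __name__ == "__main__":
    for name, who in demo().items():
        print(f"{name:13s} -> {who}")
```

Both payloads log the attacker in as `admin` through `login_vulnerable`; `login_safe` returns None for them because the driver sends the quote and the `--` as part of a bound string, so the WHERE clause the engine parses is the one the developer wrote.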
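To work with a listing in this format programmatically rather than reading it by eye, the following Python block (an added example, not part of the search page or of any tool behind it) parses rows of the shape shown above into records, honours the "and N more" truncation of the vendor and product lists, checks the printed counts against the visible names, tags each entry with a rough vulnerability class taken from its description, and filters by CVSS score. The sample input is four rows copied from this page; the keyword table used for classification is my own assumption, not a field of the listing.

```python
import re
from dataclasses import dataclass

# A listing row: "<CVE> <#vendors> <vendors> <#products> <products> <updated> <score> <severity>".
# Name lists may end in "and N more" when the listing truncates them; the
# "(?!more\b)" guard stops a vendor list's "and 1 more" being read as a count.
_NAMES = r".+?(?: and \d+ more)?"
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,}) "
    r"(?P<vendor_count>\d+) (?P<vendors>" + _NAMES + r") "
    r"(?P<product_count>\d+) (?!more\b)(?P<products>" + _NAMES + r") "
    r"(?P<updated>\d{4}-\d{2}-\d{2}) "
    r"(?P<score>\d{1,2}\.\d) (?P<severity>None|Low|Medium|High|Critical)$"
)
_MORE = re.compile(r" and (\d+) more$")


@dataclass
class CveRow:
    cve: str
    vendor_count: int
    vendors: list
    hidden_vendors: int      # the N in "and N more", 0 if the list was complete
    product_count: int
    products: list
    hidden_products: int
    updated: str
    score: float
    severity: str
    description: str = ""


def _split_names(text):
    """'Acrobat Dc, Mac Os X and 1 more' -> (['Acrobat Dc', 'Mac Os X'], 1)"""
    m = _MORE.search(text)
    hidden = int(m.group(1)) if m else 0
    if m:
        text = text[:m.start()]
    return [n.strip() for n in text.split(",") if n.strip()], hidden


def parse_listing(text):
    """Turn the flat listing into CveRow records; non-row lines before the
    first row (title, column header) are dropped, later ones become descriptions."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            vendors, hv = _split_names(m["vendors"])
            products, hp = _split_names(m["products"])
            rows.append(CveRow(m["cve"], int(m["vendor_count"]), vendors, hv,
                               int(m["product_count"]), products, hp,
                               m["updated"], float(m["score"]), m["severity"]))
        elif rows:
            rows[-1].description = (rows[-1].description + " " + line).strip()
    return rows


def count_mismatches(rows):
    """CVEs whose printed counts disagree with visible names plus 'and N more'."""
    return [r.cve for r in rows
            if r.vendor_count != len(r.vendors) + r.hidden_vendors
            or r.product_count != len(r.products) + r.hidden_products]


# Assumed keyword-to-class table for quick triage; not a field of the listing.
VULN_CLASSES = {
    "sql injection": re.compile(r"sql injection", re.I),
    "deserialization": re.compile(r"deserializ|unserializ", re.I),
    "memory corruption": re.compile(r"buffer overflow|INT_MAX", re.I),
    "file upload / traversal": re.compile(r"upload|traversal", re.I),
}


def classify(row):
    return [name for name, rx in VULN_CLASSES.items() if rx.search(row.description)]


def select(rows, min_score=9.0, vuln_class=None):
    """Rows at or above min_score, optionally restricted to one class."""
    return [r for r in rows
            if r.score >= min_score and (vuln_class is None or vuln_class in classify(r))]


# Four rows copied from the listing above, with its title and column header.
SAMPLE_LISTING = """
Search Results (26989 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-19725 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more 2024-11-21 9.8 Critical
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2018-19365 1 Wowza 1 Streaming Engine 2024-11-21 9.1 Critical
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specially crafted HTTP request.
CVE-2018-18805 1 Pointofsales Project 1 Pointofsales 2024-11-21 9.8 Critical
Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
CVE-2018-17963 4 Canonical, Debian, Qemu and 1 more 8 Ubuntu Linux, Debian Linux, Qemu and 5 more 2024-11-21 9.8 Critical
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
"""

if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for r in select(parsed, min_score=9.5):
        print(r.cve, r.score, r.severity, r.vendors, classify(r))
    print("count mismatches:", count_mismatches(parsed))
```

The regex is deliberately anchored on the unambiguous tail (date, score, severity) and lets the two name lists be as short as possible, so a vendor name containing a space ("Pointofsales Project") is not mistaken for a list boundary; `count_mismatches` is the sanity check that tells you when a row was split in the wrong place.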