Search Results (26990 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-16792 1 Solarwinds 1 Sftp/scp Server 2024-11-21 9.1 Critical
SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.
CVE-2018-16763 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 9.8 Critical
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
CVE-2018-16659 1 Rausoft 1 Id.prove 2024-11-21 9.8 Critical
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for further privilege elevation.
CVE-2018-16530 1 Forcepoint 1 Email Security 2024-11-21 9.8 Critical
A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process, creating a denial of service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation.
CVE-2018-16529 1 Forcepoint 1 Email Security 2024-11-21 9.8 Critical
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password.
CVE-2018-16489 1 Just-extend Project 1 Just-extend 2024-11-21 9.8 Critical
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows an attacker to inject properties onto Object.prototype through its functions.
CVE-2018-16462 1 Apex-publish-static-files Project 1 Apex-publish-static-files 2024-11-21 10.0 Critical
A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 allows arbitrary shell command execution through a maliciously crafted argument.
CVE-2018-16402 5 Canonical, Debian, Elfutils Project and 2 more 10 Ubuntu Linux, Debian Linux, Elfutils and 7 more 2024-11-21 9.8 Critical
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
CVE-2018-16357 1 Pbootcms 1 Pbootcms 2024-11-21 9.8 Critical
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.
CVE-2018-16356 1 Pbootcms 1 Pbootcms 2024-11-21 9.8 Critical
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.
CVE-2018-16272 1 Samsung 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more 2024-11-21 9.8 Critical
The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVE-2018-15873 1 Sapplica 1 Sentrifugo 2024-11-21 9.8 Critical
A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter.
CVE-2018-15839 1 Dlink 2 Dir-615, Dir-615 Firmware 2024-11-21 9.8 Critical
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.
CVE-2018-15632 1 Odoo 1 Odoo 2024-11-21 9.1 Critical
Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials.
CVE-2018-15152 1 Open-emr 1 Openemr 2024-11-21 9.1 Critical
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient.
CVE-2018-14823 1 Fujielectric 2 V-server, V-server Firmware 2024-11-21 9.8 Critical
In Fuji Electric V-Server 4.0.3.0 and prior, a stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
CVE-2018-14818 1 We-con 2 Pi Studio, Pi Studio Hmi 2024-11-21 9.8 Critical
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution.
CVE-2018-14816 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.
CVE-2018-14813 1 Fujielectric 2 V-server, V-server Firmware 2024-11-21 9.8 Critical
In Fuji Electric V-Server 4.0.3.0 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.
CVE-2018-14807 1 Opto22 1 Pac Control 2024-11-21 9.8 Critical
A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution.