Total
3865 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18879 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-08-05 | N/A |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. | ||||
| CVE-2018-18835 | 1 Doccms | 1 Doccms | 2024-08-05 | N/A |
| upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. | ||||
| CVE-2018-18836 | 1 My-netdata | 1 Netdata | 2024-08-05 | N/A |
| An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c. | ||||
| CVE-2018-18573 | 1 Oscommerce | 1 Oscommerce | 2024-08-05 | N/A |
| osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI. | ||||
| CVE-2018-18461 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-08-05 | N/A |
| The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. | ||||
| CVE-2018-18426 | 1 S-cms | 1 S-cms | 2024-08-05 | N/A |
| s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter. | ||||
| CVE-2018-18258 | 1 Bagesoft | 1 Bagecms | 2024-08-05 | N/A |
| An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI. | ||||
| CVE-2018-18249 | 1 Icinga | 1 Icinga Web 2 | 2024-08-05 | N/A |
| Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet. | ||||
| CVE-2018-18083 | 1 Comsenz | 1 Duomicms | 2024-08-05 | N/A |
| An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing. | ||||
| CVE-2018-17827 | 1 Hisiphp | 1 Hisiphp | 2024-08-05 | N/A |
| HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php. | ||||
| CVE-2018-17364 | 1 Otcms | 1 Otcms | 2024-08-05 | N/A |
| OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter. | ||||
| CVE-2018-17173 | 1 Lg | 1 Supersign Cms | 2024-08-05 | N/A |
| LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. | ||||
| CVE-2018-17170 | 1 Teamwire | 1 Teamwire | 2024-08-05 | N/A |
| Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. All backend versions prior to prod-2018-11-13-15-00-42 are affected. | ||||
| CVE-2018-17133 | 1 Phpmywind | 1 Phpmywind | 2024-08-05 | N/A |
| admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. | ||||
| CVE-2018-17131 | 1 Phpmywind | 1 Phpmywind | 2024-08-05 | N/A |
| admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. | ||||
| CVE-2018-17036 | 1 Ucms Project | 1 Ucms | 2024-08-05 | 9.8 Critical |
| An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. | ||||
| CVE-2018-17132 | 1 Phpmywind | 1 Phpmywind | 2024-08-05 | N/A |
| admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. | ||||
| CVE-2018-17134 | 1 Phpmywind | 1 Phpmywind | 2024-08-05 | N/A |
| admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. | ||||
| CVE-2018-17126 | 1 Chshcms | 1 Cscms | 2024-08-05 | N/A |
| CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. | ||||
| CVE-2018-17030 | 1 Bigtreecms | 1 Bigtree Cms | 2024-08-05 | N/A |
| BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php. | ||||