Search Results (322896 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-17320 1 Ucms Project 1 Ucms 2024-11-21 N/A
An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.
CVE-2018-17317 1 Fruitywifi Project 1 Fruitywifi 2024-11-21 N/A
FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php.
CVE-2018-17316 1 Ricoh 2 Mp C6003, Mp C6003 Firmware 2024-11-21 N/A
On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17315 1 Ricoh 2 Mp C2003, Mp C2003sp Firmware 2024-11-21 N/A
On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17314 1 Ricoh 2 Mp 305\+, Mp 305\+ Firmware 2024-11-21 N/A
On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17313 1 Ricoh 2 Mp C307, Mp C307 Firmware 2024-11-21 N/A
On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17312 1 Ricoh 2 Aficio Mp 301spf, Aficio Mp 301spf Firmware 2024-11-21 N/A
On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17311 1 Ricoh 2 Mp C6503, Mp C6503 Firmware 2024-11-21 N/A
On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17310 1 Ricoh 2 Mp C1803 Jpn, Mp C1803 Jpn Firmware 2024-11-21 N/A
On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17309 1 Ricoh 2 Mp C406z, Mp C406zspf Firmware 2024-11-21 N/A
On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17305 1 Uipath 1 Orchestrator 2024-11-21 N/A
UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution.
CVE-2018-17302 1 Espocrm 1 Espocrm 2024-11-21 N/A
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.
CVE-2018-17301 1 Espocrm 1 Espocrm 2024-11-21 N/A
Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.
CVE-2018-17300 1 Cuppacms 1 Cuppacms 2024-11-21 4.8 Medium
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.
CVE-2018-17298 1 Enalean 1 Tuleap 2024-11-21 N/A
An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password.
CVE-2018-17297 1 Hutool 1 Hutool 2024-11-21 N/A
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.
CVE-2018-17294 3 Canonical, Liblouis, Opensuse 3 Ubuntu Linux, Liblouis, Leap 2024-11-21 N/A
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
CVE-2018-17293 1 Webassembly Virtual Machine Project 1 Webassembly Virtual Machine 2024-11-21 N/A
An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application crash by NULL pointer dereference) or possibly have unspecified other impact by crafting certain WebAssembly files.
CVE-2018-17292 1 Webassembly Virtual Machine Project 1 Webassembly Virtual Machine 2024-11-21 N/A
An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than 4 bytes.
CVE-2018-17289 1 Kofax 1 Front Office Server 2024-11-21 N/A
An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter.