Search Results (83086 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-9285 1 Asus 22 Rt-ac1900, Rt-ac1900 Firmware, Rt-ac2900 and 19 more 2024-11-21 N/A
Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.
CVE-2018-9283 1 Cremecrm 1 Cremecrm 2024-11-21 N/A
An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters in the contact creation and modification page. The payload is stored within the application database and allows the execution of JavaScript code each time a client visit an infected page.
CVE-2018-9282 1 Subsonic 1 Subsonic 2024-11-21 N/A
An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a user's session, or elevate privileges by targeting an administrative user.
CVE-2018-9281 1 Eaton 2 9px Ups, 9px Ups Firmware 2024-11-21 N/A
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently.
CVE-2018-9274 1 Wireshark 1 Wireshark 2024-11-21 N/A
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak.
CVE-2018-9273 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 N/A
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.
CVE-2018-9272 1 Wireshark 1 Wireshark 2024-11-21 N/A
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak.
CVE-2018-9271 1 Wireshark 1 Wireshark 2024-11-21 N/A
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak.
CVE-2018-9270 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 N/A
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.
CVE-2018-9269 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 N/A
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.
CVE-2018-9268 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 N/A
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.
CVE-2018-9267 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 N/A
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.
CVE-2018-9266 1 Wireshark 1 Wireshark 2024-11-21 N/A
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak.
CVE-2018-9265 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 N/A
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.
CVE-2018-9264 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 N/A
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.
CVE-2018-9244 1 Gitlab 1 Gitlab 2024-11-21 N/A
GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7.
CVE-2018-9243 1 Gitlab 1 Gitlab 2024-11-21 N/A
GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.
CVE-2018-9238 1 Yahei 1 Yahei Php Prober 2024-11-21 N/A
proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter.
CVE-2018-9237 1 Iscripts 1 Easycreate 2024-11-21 N/A
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field.
CVE-2018-9236 1 Iscripts 1 Easycreate 2024-11-21 N/A
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.