Search Results (83072 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-7564 1 Polycom 2 Qdx 6000, Qdx 6000 Firmware 2024-11-21 N/A
Stored XSS exists on Polycom QDX 6000 devices.
CVE-2018-7563 1 Glpi-project 1 Glpi 2024-11-21 N/A
An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
CVE-2018-7561 2 Tenda, Tendacn 2 Ac9, Ac9 Firmware 2024-11-21 N/A
Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-7553 2 Debian, Sam2p Project 2 Debian Linux, Sam2p 2024-11-21 N/A
There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
CVE-2018-7550 4 Canonical, Debian, Qemu and 1 more 11 Ubuntu Linux, Debian Linux, Qemu and 8 more 2024-11-21 8.8 High
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
CVE-2018-7547 1 Lingyun 1 Lyadmin 2024-11-21 4.8 Medium
lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI.
CVE-2018-7519 1 Omron 1 Cx-supervisor 2024-11-21 5.3 Medium
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow.
CVE-2018-7517 1 Omron 1 Cx-supervisor 2024-11-21 N/A
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability.
CVE-2018-7514 1 Omron 7 Cx-flnet, Cx-one, Cx-programmer and 4 more 2024-11-21 7.8 High
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow.
CVE-2018-7513 1 Omron 1 Cx-supervisor 2024-11-21 5.3 Medium
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow.
CVE-2018-7512 1 Geutebrueck 4 G-cam\/efd-2250, G-cam\/efd-2250 Firmware, Topfd-2125 and 1 more 2024-11-21 N/A
A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.
CVE-2018-7509 1 Deltaww 1 Wplsoft 2024-11-21 N/A
WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution.
CVE-2018-7508 1 Osisoft 2 Pi Vision, Pi Web Api 2024-11-21 N/A
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized.
CVE-2018-7504 1 Osisoft 1 Pi Vision 2024-11-21 N/A
A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting.
CVE-2018-7499 1 Advantech 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more 2024-11-21 9.8 Critical
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
CVE-2018-7495 1 Advantech 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more 2024-11-21 N/A
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
CVE-2018-7487 2 Debian, Sam2p Project 2 Debian Linux, Sam2p 2024-11-21 N/A
There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A Crafted input will lead to a denial of service or possibly unspecified other impact.
CVE-2018-7476 1 Finecms 1 Finecms 2024-11-21 N/A
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character.
CVE-2018-7475 1 Icewarp 1 Mail Server 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.
CVE-2018-7469 1 Entrepreneur Job Portal Script Project 1 Entrepreneur Job Portal Script 2024-11-21 N/A
PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type).