Search Results (83071 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-7265 1 Shimmie2 Project 1 Shimmie2 2024-11-21 N/A
Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS.
CVE-2018-7264 1 Activepdf 1 Activepdf Toolkit 2024-11-21 N/A
The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images.
CVE-2018-7261 1 Radiantcms 1 Radiant Cms 2024-11-21 N/A
There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields).
CVE-2018-7260 1 Phpmyadmin 1 Phpmyadmin 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2018-7241 1 Schneider-electric 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more 2024-11-21 N/A
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.
CVE-2018-7240 1 Schneider-electric 26 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 23 more 2024-11-21 N/A
A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.
CVE-2018-7229 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 9.8 Critical
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials.
CVE-2018-7203 1 Lynxtechnology 1 Twonky Server 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all.
CVE-2018-7202 1 Projectsend 1 Projectsend 2024-11-21 N/A
An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page.
CVE-2018-7198 1 Octobercms 1 October 2024-11-21 N/A
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.
CVE-2018-7197 1 Pluck-cms 1 Pluck 2024-11-21 N/A
An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL.
CVE-2018-7196 1 Osticket 1 Osticket 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter.
CVE-2018-7193 1 Osticket 1 Osticket 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter.
CVE-2018-7192 1 Osticket 1 Osticket 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter.
CVE-2018-7188 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 N/A
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
CVE-2018-7187 2 Debian, Golang 2 Debian Linux, Go 2024-11-21 8.8 High
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.
CVE-2018-7186 2 Debian, Leptonica 2 Debian Linux, Leptonica 2024-11-21 N/A
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.
CVE-2018-7183 4 Canonical, Freebsd, Netapp and 1 more 4 Ubuntu Linux, Freebsd, Element Software and 1 more 2024-11-21 N/A
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
CVE-2018-7169 1 Shadow Project 1 Shadow 2024-11-21 N/A
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.
CVE-2018-7117 1 Hp 20 Integrated Lights-out 5 Firmware, Proliant Bl460c Gen10, Proliant Dl120 Gen10 and 17 more 2024-11-21 N/A
A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40.