Search Results (83067 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-7064 2 Arubanetworks, Siemens 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware 2024-11-21 N/A
A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session. Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0
CVE-2018-7057 1 Steelcase 2 Roomwizard, Roomwizard Firmware 2024-11-21 N/A
RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter.
CVE-2018-7049 1 Wowza 1 Streaming Engine 2024-11-21 N/A
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request.
CVE-2018-7047 1 Wowza 1 Streaming Engine 2024-11-21 N/A
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).
CVE-2018-7035 1 Gleezcms 1 Gleez Cms 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
CVE-2018-7032 1 Myrepos Project 1 Myrepos 2024-11-21 N/A
webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack.
CVE-2018-6978 1 Vmware 1 Vrealize Operations 2024-11-21 N/A
vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.
CVE-2018-6973 1 Vmware 2 Fusion, Workstation 2024-11-21 N/A
VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.
CVE-2018-6958 1 Vmware 1 Vrealize Automation 2024-11-21 N/A
VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.
CVE-2018-6957 1 Vmware 3 Fusion, Workstation Player, Workstation Pro 2024-11-21 N/A
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.
CVE-2018-6944 1 Ultimatemember 1 Ultimate Member 2024-11-21 N/A
core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
CVE-2018-6943 1 Ultimatemember 1 Ultimatemember 2024-11-21 N/A
core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
CVE-2018-6940 1 Nat32 1 Nat32 2024-11-21 N/A
A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF.
CVE-2018-6936 2 D-link, Dlink 2 Dir-600m C1 Firmware, Dir-600m C1 2024-11-21 N/A
Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account.
CVE-2018-6935 1 Student Profile Management System Script Project 1 Student Profile Management System Script 2024-11-21 N/A
PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php.
CVE-2018-6926 1 Misp 1 Misp 2024-11-21 N/A
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by the setting being only accessible to the site administrator.
CVE-2018-6913 3 Canonical, Debian, Perl 3 Ubuntu Linux, Debian Linux, Perl 2024-11-21 N/A
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
CVE-2018-6911 1 Advantech 1 Webaccess 2024-11-21 N/A
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
CVE-2018-6906 1 Rainmachine 1 Rainmachine Web Application 2024-11-21 N/A
A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API.
CVE-2018-6905 1 Typo3 1 Typo3 2024-11-21 N/A
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.