Search Results (83038 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-5196 1 Estsoft 1 Alzip 2024-11-21 N/A
Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.
CVE-2018-5179 2 Mozilla, Redhat 2 Firefox, Rhel Extras 2024-11-21 N/A
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.
CVE-2018-5176 2 Canonical, Mozilla 2 Ubuntu Linux, Firefox 2024-11-21 N/A
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox < 60.
CVE-2018-5175 2 Canonical, Mozilla 2 Ubuntu Linux, Firefox 2024-11-21 N/A
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60.
CVE-2018-5172 2 Canonical, Mozilla 2 Ubuntu Linux, Firefox 2024-11-21 N/A
The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox < 60.
CVE-2018-5167 2 Canonical, Mozilla 2 Ubuntu Linux, Firefox 2024-11-21 N/A
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60.
CVE-2018-5164 2 Canonical, Mozilla 2 Ubuntu Linux, Firefox 2024-11-21 N/A
Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox < 60.
CVE-2018-5143 2 Canonical, Mozilla 2 Ubuntu Linux, Firefox 2024-11-21 N/A
URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59.
CVE-2018-5124 1 Mozilla 1 Firefox 2024-11-21 N/A
Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.
CVE-2018-5122 2 Canonical, Mozilla 2 Ubuntu Linux, Firefox 2024-11-21 N/A
A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58.
CVE-2018-5078 1 Advanced Real Estate Script Project 1 Advanced Real Estate Script 2024-11-21 N/A
Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.
CVE-2018-5077 1 Advanced Real Estate Script Project 1 Advanced Real Estate Script 2024-11-21 N/A
Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.
CVE-2018-5076 1 Advanced Real Estate Script Project 1 Advanced Real Estate Script 2024-11-21 N/A
Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.
CVE-2018-5075 1 Advanced Real Estate Script Project 1 Advanced Real Estate Script 2024-11-21 N/A
Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.
CVE-2018-5074 1 Advanced Real Estate Script Project 1 Advanced Real Estate Script 2024-11-21 N/A
Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.
CVE-2018-5072 1 Advanced Real Estate Script Project 1 Advanced Real Estate Script 2024-11-21 N/A
Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter.
CVE-2018-5071 1 Cobham 2 Sea Tel 116, Sea Tel 116 Firmware 2024-11-21 N/A
Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP.
CVE-2018-5070 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more 2024-11-21 N/A
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5069 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more 2024-11-21 N/A
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5067 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more 2024-11-21 N/A
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.