Total
324439 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17846 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2024-11-21 | 7.5 High |
| The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. | ||||
| CVE-2018-17843 | 1 Mlmsoftwarez | 10 Add Clicking Mlm Software, Autopool Mlm Software, Bidding Mlm Software and 7 more | 2024-11-21 | N/A |
| SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the member/tree.php pid parameter, or the member/downline.php m_id parameter. | ||||
| CVE-2018-17842 | 1 Scriptzee | 1 Hotel Booking Engine | 2024-11-21 | 9.8 Critical |
| SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter. | ||||
| CVE-2018-17841 | 1 Flippa Marketplace Clone Project | 1 Flippa Marketplace Clone | 2024-11-21 | N/A |
| SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter. | ||||
| CVE-2018-17840 | 1 Education Website Project | 1 Education Website | 2024-11-21 | N/A |
| SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter. | ||||
| CVE-2018-17838 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring. | ||||
| CVE-2018-17837 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring. | ||||
| CVE-2018-17836 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload. | ||||
| CVE-2018-17835 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
| An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. | ||||
| CVE-2018-17832 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-11-21 | N/A |
| XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. | ||||
| CVE-2018-17831 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A |
| In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used. | ||||
| CVE-2018-17830 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A |
| The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring. | ||||
| CVE-2018-17827 | 1 Hisiphp | 1 Hisiphp | 2024-11-21 | N/A |
| HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php. | ||||
| CVE-2018-17826 | 1 Hisiphp | 1 Hisiphp | 2024-11-21 | N/A |
| HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif, .jpeg, and .ico). | ||||
| CVE-2018-17825 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2024-11-21 | 9.8 Critical |
| An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE. | ||||
| CVE-2018-17798 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | ||||
| CVE-2018-17797 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | ||||
| CVE-2018-17796 | 1 Mushroom Content Management System Project | 1 Mushroom Content Management System | 2024-11-21 | N/A |
| An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file. | ||||
| CVE-2018-17795 | 1 Libtiff | 1 Libtiff | 2024-11-21 | N/A |
| The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. | ||||
| CVE-2018-17794 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function. | ||||