Total
324089 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16370 | 1 Pescms | 1 Pescms Team | 2024-11-21 | N/A |
| In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. | ||||
| CVE-2018-16369 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453. | ||||
| CVE-2018-16368 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | ||||
| CVE-2018-16367 | 1 Qduoj | 1 Onlinejudge | 2024-11-21 | N/A |
| In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include. | ||||
| CVE-2018-16366 | 1 Idreamsoft | 1 Icms | 2024-11-21 | N/A |
| An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. | ||||
| CVE-2018-16365 | 1 Idreamsoft | 1 Icms | 2024-11-21 | N/A |
| An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. | ||||
| CVE-2018-16364 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.1 High |
| A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. | ||||
| CVE-2018-16363 | 1 Filemanagerpro | 1 File Manager | 2024-11-21 | N/A |
| The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php. | ||||
| CVE-2018-16362 | 1 Mantisbt | 1 Source Integration | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php. | ||||
| CVE-2018-16361 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter. | ||||
| CVE-2018-16359 | 1 Google | 1 Gvisor | 2024-11-21 | N/A |
| Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS. | ||||
| CVE-2018-16358 | 1 Dotclear | 1 Dotclear | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml. | ||||
| CVE-2018-16357 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter. | ||||
| CVE-2018-16356 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter. | ||||
| CVE-2018-16354 | 1 Fhcrm Project | 1 Fhcrm | 2024-11-21 | N/A |
| An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter. | ||||
| CVE-2018-16353 | 1 Fhcrm Project | 1 Fhcrm | 2024-11-21 | N/A |
| An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter. | ||||
| CVE-2018-16352 | 1 Weaselcms Project | 1 Weaselcms | 2024-11-21 | N/A |
| There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used. | ||||
| CVE-2018-16350 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | N/A |
| WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. | ||||
| CVE-2018-16349 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | N/A |
| WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. | ||||
| CVE-2018-16348 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name. | ||||