Total: 323678 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15144 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter. | ||||
| CVE-2018-15143 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter. | ||||
| CVE-2018-15142 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory. | ||||
| CVE-2018-15141 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete. | ||||
| CVE-2018-15140 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get. | ||||
| CVE-2018-15139 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.8 High |
| Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory. | ||||
| CVE-2018-15138 | 1 Ericssonlg | 1 Ipecs Nms | 2024-11-21 | N/A |
| Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. | ||||
| CVE-2018-15137 | 1 Cela Link | 2 Clr-m20, Clr-m20 Firmware | 2024-11-21 | N/A |
| CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method. | ||||
| CVE-2018-15136 | 1 Titanhq | 1 Spamtitan | 2024-11-21 | N/A |
| TitanHQ SpamTitan before 7.01 has improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application. | ||||
| CVE-2018-15132 | 2 Netapp, Php | 2 Storage Automation Store, Php | 2024-11-21 | N/A |
| An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories. | ||||
| CVE-2018-15131 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests. | ||||
| CVE-2018-15130 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | N/A |
| ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. | ||||
| CVE-2018-15129 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | N/A |
| ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. | ||||
| CVE-2018-15128 | 1 Polycom | 3 Group Series, Hdx, Pano | 2024-11-21 | N/A |
| An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. | ||||
| CVE-2018-15127 | 4 Canonical, Debian, Libvnc Project and 1 more | 10 Ubuntu Linux, Debian Linux, Libvncserver and 7 more | 2024-11-21 | N/A |
| LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains a heap out-of-bounds write vulnerability in the server code of the file transfer extension that can result in remote code execution. | ||||
| CVE-2018-15126 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2024-11-21 | N/A |
| LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains a heap use-after-free vulnerability in the server code of the file transfer extension that can result in remote code execution. | ||||
| CVE-2018-15125 | 1 Zipato | 2 Zipabox, Zipabox Firmware | 2024-11-21 | N/A |
| Sensitive information disclosure in Zipato Zipabox Smart Home Controller allows a remote attacker to get sensitive information that expands the attack surface. | ||||
| CVE-2018-15124 | 1 Zipato | 2 Zipabox, Zipabox Firmware | 2024-11-21 | N/A |
| Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows an unauthenticated attacker to extract clear text passwords and get root access on the device. | ||||
| CVE-2018-15123 | 1 Zipato | 2 Zipabox, Zipabox Firmware | 2024-11-21 | N/A |
| Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows a remote attacker to perform new attack vectors and take control of the device and smart home. | ||||
| CVE-2018-15122 | 1 Telerik | 2 Justassembly, Justdecompile | 2024-11-21 | N/A |
| An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource. | ||||