Total
323564 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11349 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | N/A |
| The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link. | ||||
| CVE-2018-11348 | 1 Yunohost | 1 Yunohost | 2024-11-21 | N/A |
| Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session. | ||||
| CVE-2018-11347 | 1 Yunohost | 1 Yunohost | 2024-11-21 | N/A |
| The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to perform other attacks such as user redirection to a malicious website, HTTP response splitting, or HTTP cache poisoning. | ||||
| CVE-2018-11346 | 1 Asustor | 2 As6202t, As6202t Firmware | 2024-11-21 | N/A |
| An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter. | ||||
| CVE-2018-11345 | 1 Asustor | 2 As6202t, As6202t Firmware | 2024-11-21 | N/A |
| An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system. | ||||
| CVE-2018-11344 | 1 Asustor | 2 As6202t, As6202t Firmware | 2024-11-21 | N/A |
| A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter. | ||||
| CVE-2018-11343 | 1 Asustor | 1 Soundsgood | 2024-11-21 | N/A |
| A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter. | ||||
| CVE-2018-11342 | 1 Asustor | 2 As6202t, As6202t Firmware | 2024-11-21 | N/A |
| A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter. | ||||
| CVE-2018-11341 | 1 Asustor | 2 As6202t, As6202t Firmware | 2024-11-21 | N/A |
| Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter. | ||||
| CVE-2018-11340 | 1 Asustor | 2 As6202t, As6202t Firmware | 2024-11-21 | N/A |
| An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed. | ||||
| CVE-2018-11339 | 1 Frappe | 1 Erpnext | 2024-11-21 | N/A |
| An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment. | ||||
| CVE-2018-11338 | 1 Intuit | 1 Lacerte | 2024-11-21 | N/A |
| Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer list contains each customer's full name, social security number (SSN), address, job title, phone number, Email address, spouse's phone/Email address, and other sensitive information. After the client software authenticates to the server database, the server sends the customer list. There is no need for further exploitation as all sensitive data is exposed. This vulnerability was validated on Intuit Lacerte 2017, however older versions of Lacerte may be vulnerable. | ||||
| CVE-2018-11335 | 1 Genesis Vision | 1 Gvtoken | 2024-11-21 | N/A |
| GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | ||||
| CVE-2018-11334 | 1 Windscribe | 1 Windscribe | 2024-11-21 | N/A |
| Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService. | ||||
| CVE-2018-11332 | 1 Clippercms | 1 Clippercms | 2024-11-21 | N/A |
| Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file. | ||||
| CVE-2018-11331 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A |
| An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess. | ||||
| CVE-2018-11330 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A |
| An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted. | ||||
| CVE-2018-11329 | 1 Ethercartel | 1 Ether Cartel | 2024-11-21 | 7.5 High |
| The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and tokens) might be manipulated by the attackers, as exploited in the wild in May 2018. | ||||
| CVE-2018-11328 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability. | ||||
| CVE-2018-11327 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission. | ||||