Total
323682 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11141 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | N/A |
| The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions. | ||||
| CVE-2018-11140 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | N/A |
| The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type). | ||||
| CVE-2018-11139 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | N/A |
| The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method. | ||||
| CVE-2018-11137 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | N/A |
| The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script. | ||||
| CVE-2018-11136 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | N/A |
| The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type). | ||||
| CVE-2018-11135 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | 8.8 High |
| The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks. | ||||
| CVE-2018-11134 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | N/A |
| In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges. | ||||
| CVE-2018-11133 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | N/A |
| The 'fmt' parameter of the '/common/run_cross_report.php' script in the the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. | ||||
| CVE-2018-11132 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | N/A |
| In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root. | ||||
| CVE-2018-11130 | 1 Vcftools Project | 1 Vcftools | 2024-11-21 | N/A |
| The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file. | ||||
| CVE-2018-11129 | 1 Vcftools Project | 1 Vcftools | 2024-11-21 | N/A |
| The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file. | ||||
| CVE-2018-11128 | 1 Pdfparser | 1 Pdfparser | 2024-11-21 | N/A |
| The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file. | ||||
| CVE-2018-11127 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.7 has CSRF resulting in arbitrary user deletion. | ||||
| CVE-2018-11126 | 1 Doorgets | 1 Doorgets | 2024-11-21 | N/A |
| dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account. | ||||
| CVE-2018-11124 | 1 Opmantek | 1 Open-audit | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. | ||||
| CVE-2018-11120 | 1 Ilias | 1 Ilias | 2024-11-21 | N/A |
| Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS. | ||||
| CVE-2018-11119 | 1 Ilias | 1 Ilias | 2024-11-21 | N/A |
| ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter. | ||||
| CVE-2018-11118 | 1 Ilias | 1 Ilias | 2024-11-21 | N/A |
| The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php. | ||||
| CVE-2018-11117 | 1 Ilias | 1 Ilias | 2024-11-21 | N/A |
| Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute. | ||||
| CVE-2018-11116 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 8.8 High |
| OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. NOTE: The developer disputes this as a vulnerability, indicating that rpcd functions appropriately | ||||