CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2018-9924 | An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request. | N/A | NONE | β | 0 |
| CVE-2018-9925 | An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. | N/A | NONE | β | 0 |
| CVE-2018-9926 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add. | N/A | NONE | β | 0 |
| CVE-2018-9934 | The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's c... | N/A | NONE | β | 0 |
| CVE-2017-1081 | In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragm... | N/A | NONE | β | 0 |
| CVE-2017-18100 | The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick fil... | N/A | NONE | β | 0 |
| CVE-2017-18101 | Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version ... | 6.5 | MEDIUM | β | 0 |
| CVE-2018-5227 | Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cro... | N/A | NONE | β | 0 |
| CVE-2014-0158 | Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impac... | N/A | NONE | β | 0 |
| CVE-2014-1398 | The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statist... | N/A | NONE | β | 0 |
| CVE-2014-1399 | The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspec... | N/A | NONE | β | 0 |
| CVE-2014-1400 | The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspeci... | N/A | NONE | β | 0 |
| CVE-2014-1889 | The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check. | N/A | NONE | β | 0 |
| CVE-2014-1946 | OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to thems... | N/A | NONE | β | 0 |
| CVE-2014-2078 | The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a fail... | N/A | NONE | β | 0 |
| CVE-2014-3114 | The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.ph... | N/A | NONE | β | 0 |
| CVE-2014-3999 | The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN. | N/A | NONE | β | 0 |
| CVE-2015-0172 | IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information v... | N/A | NONE | β | 0 |
| CVE-2015-1957 | IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data ... | N/A | NONE | β | 0 |
| CVE-2017-14323 | SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote... | N/A | NONE | β | 0 |
| CVE-2017-14611 | SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued ahe... | N/A | NONE | β | 0 |
| CVE-2018-2403 | Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Manag... | N/A | NONE | β | 0 |
| CVE-2018-2404 | SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. | N/A | NONE | β | 0 |
| CVE-2018-2405 | SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. | N/A | NONE | β | 0 |
| CVE-2018-2406 | Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path. | N/A | NONE | β | 0 |
| CVE-2018-2408 | Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created ... | N/A | NONE | β | 0 |
| CVE-2018-9996 | An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive sta... | N/A | NONE | β | 0 |
| CVE-2018-2409 | Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an appli... | N/A | NONE | β | 0 |
| CVE-2018-2410 | SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | N/A | NONE | β | 0 |
| CVE-2018-2412 | SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | N/A | NONE | β | 0 |
| CVE-2018-2413 | SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | N/A | NONE | β | 0 |
| CVE-2018-8772 | Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the "Wireless Setting - Basic" screen. | N/A | NONE | β | 0 |
| CVE-2018-9037 | Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files. | N/A | NONE | β | 0 |
| CVE-2018-9038 | Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request. | N/A | NONE | β | 0 |
| CVE-2024-43120 | Missing Authorization vulnerability in XSERVER Inc. TypeSquare Webfonts allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects TypeSquare Webfonts: from n/a through 2.0.7. | 5.3 | MEDIUM | β | 0 |
| CVE-2018-9918 | libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the ... | N/A | NONE | β | 0 |
| CVE-2018-9985 | The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. | N/A | NONE | β | 0 |
| CVE-2018-9988 | ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. | 7.5 | HIGH | β | 0 |
| CVE-2018-9989 | ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. | 7.5 | HIGH | β | 0 |
| CVE-2018-3837 | An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-boun... | 5.5 | MEDIUM | β | 0 |
| CVE-2017-18259 | Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0. | N/A | NONE | β | 0 |
| CVE-2018-3838 | An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on ... | 6.5 | MEDIUM | β | 0 |
| CVE-2018-3839 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write... | 8.8 | HIGH | β | 0 |
| CVE-2018-9993 | YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). | N/A | NONE | β | 0 |
| CVE-2016-9645 | The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229. | N/A | NONE | β | 0 |
| CVE-2018-9995 | TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 ... | N/A | NONE | β | 0 |
| CVE-2017-18260 | Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka s... | N/A | NONE | β | 0 |
| CVE-2017-9838 | Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/car... | N/A | NONE | β | 0 |
| CVE-2017-9839 | Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). | N/A | NONE | β | 0 |
| CVE-2018-10000 | The Video Downloader professional extension before 2018-04-05 for Chrome has Universal XSS (UXSS) via vectors related to a link64_msgAddLinks event. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.