Export limit exceeded: 24337 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24337 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10424 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field. | ||||
| CVE-2018-10423 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article. | ||||
| CVE-2018-10363 | 1 Wpdevart | 1 Booking Calendar | 2024-11-21 | N/A |
| An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices. | ||||
| CVE-2018-10260 | 1 Hrsale Project | 1 Hrsale | 2024-11-21 | N/A |
| A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | ||||
| CVE-2018-10245 | 1 Awstats | 1 Awstats | 2024-11-21 | N/A |
| A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters. | ||||
| CVE-2018-10229 | 3 Google, Lg, Mozilla | 3 Chrome, Nexus 5, Firefox | 2024-11-21 | N/A |
| A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. | ||||
| CVE-2018-10219 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | N/A |
| baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request. | ||||
| CVE-2018-10198 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A |
| An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets. | ||||
| CVE-2018-10189 | 1 Mautic | 1 Mautic | 2024-11-21 | N/A |
| An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled. | ||||
| CVE-2018-10178 | 1 Iac | 1 Fromdoctopdf | 2024-11-21 | 5.3 Medium |
| The FromDocToPDF extension before 13.611.13.2303 for Chrome allows remote attackers to discover visited web sites via vectors involving a mostVisitedSites command. | ||||
| CVE-2018-10142 | 1 Paloaltonetworks | 1 Expedition | 2024-11-21 | N/A |
| The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. | ||||
| CVE-2018-10140 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
| The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. | ||||
| CVE-2018-10106 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | N/A |
| D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request. | ||||
| CVE-2018-10105 | 2 Redhat, Tcpdump | 3 Enterprise Linux, Rhel Eus, Tcpdump | 2024-11-21 | 9.8 Critical |
| tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). | ||||
| CVE-2018-10103 | 2 Redhat, Tcpdump | 3 Enterprise Linux, Rhel Eus, Tcpdump | 2024-11-21 | 9.8 Critical |
| tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). | ||||
| CVE-2018-10087 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | N/A |
| The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. | ||||
| CVE-2018-10082 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php. | ||||
| CVE-2018-10072 | 1 Jungo | 1 Windriver | 2024-11-21 | N/A |
| windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953827bf DeviceIoControl call. | ||||
| CVE-2018-10071 | 1 Jungo | 1 Windriver | 2024-11-21 | N/A |
| windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953826DB DeviceIoControl call. | ||||
| CVE-2018-10054 | 2 Cognitect, H2database | 2 Datomic, H2 | 2024-11-21 | 8.8 High |
| H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment." | ||||