Search Results (76324 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19654 | 1 Sales & Company Management System Project | 1 Sales & Company Management System | 2024-11-21 | 7.5 High |
| An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists. | ||||
| CVE-2018-19634 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2024-11-21 | 7.5 High |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. | ||||
| CVE-2018-19592 | 1 Corsair | 19 Axi, Commander Mini, Commander Pro and 16 more | 2024-11-21 | 7.8 High |
| The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441. | ||||
| CVE-2018-19571 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.7 High |
| GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. | ||||
| CVE-2018-19518 | 4 Canonical, Debian, Php and 1 more | 4 Ubuntu Linux, Debian Linux, Php and 1 more | 2024-11-21 | 7.5 High |
| University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument. | ||||
| CVE-2018-19423 | 1 Codiad | 1 Codiad | 2024-11-21 | 7.2 High |
| Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. | ||||
| CVE-2018-19422 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 7.2 High |
| /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. | ||||
| CVE-2018-19418 | 2 Foxitsoftware, Microsoft | 2 Pdf Activex, Windows | 2024-11-21 | 7.8 High |
| Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control. | ||||
| CVE-2018-19296 | 4 Debian, Fedoraproject, Phpmailer Project and 1 more | 4 Debian Linux, Fedora, Phpmailer and 1 more | 2024-11-21 | 8.8 High |
| PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | ||||
| CVE-2018-19277 | 1 Phpoffice | 1 Phpspreadsheet | 2024-11-21 | 8.8 High |
| securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file. | ||||
| CVE-2018-19274 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2024-11-21 | 7.2 High |
| Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions. | ||||
| CVE-2018-19183 | 1 Ethereumjs-vm Project | 1 Ethereumjs-vm | 2024-11-21 | 7.5 High |
| ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to a normal programmatic execution result. | ||||
| CVE-2018-19167 | 1 Cloakcoin | 1 Cloakcoin | 2024-11-21 | 7.5 High |
| CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19166 | 1 Peercoin | 1 Peercoin | 2024-11-21 | 7.5 High |
| peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19165 | 1 Nebl | 1 Neblio | 2024-11-21 | 7.5 High |
| neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19164 | 1 Reddcoin | 1 Reddcoin | 2024-11-21 | 7.5 High |
| reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19163 | 1 Stratisplatform | 1 Stratisx | 2024-11-21 | 7.5 High |
| stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19162 | 1 Diviproject | 1 Divi | 2024-11-21 | 7.5 High |
| Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19161 | 1 Alqo | 1 Alqo | 2024-11-21 | 7.5 High |
| alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||
| CVE-2018-19160 | 1 Bit.diamonds | 1 Diamond | 2024-11-21 | 7.5 High |
| Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | ||||