Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2018-10523 —
CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileMa... read CVE-2018-10523
Published: April 27, 2018; 02:29:00 PM -04:00
-
CVE-2018-10522 —
In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_c... read CVE-2018-10522
Published: April 27, 2018; 02:29:00 PM -04:00
-
CVE-2018-10521 —
In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory... read CVE-2018-10521
Published: April 27, 2018; 02:29:00 PM -04:00
-
CVE-2018-10520 —
In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all d... read CVE-2018-10520
Published: April 27, 2018; 02:29:00 PM -04:00
-
CVE-2018-10519 —
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible throug... read CVE-2018-10519
Published: April 27, 2018; 02:29:00 PM -04:00
-
CVE-2018-10518 —
In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all dir... read CVE-2018-10518
Published: April 27, 2018; 02:29:00 PM -04:00
-
CVE-2018-10517 —
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
Published: April 27, 2018; 02:29:00 PM -04:00
-
CVE-2018-10516 —
In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
Published: April 27, 2018; 02:29:00 PM -04:00
-
CVE-2018-10515 —
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.
Published: April 27, 2018; 02:29:00 PM -04:00
-
CVE-2018-1479 —
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761.
Published: April 27, 2018; 11:29:10 AM -04:00
-
CVE-2018-1475 —
IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756.
Published: April 27, 2018; 11:29:00 AM -04:00
-
CVE-2018-1473 —
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr... read CVE-2018-1473
Published: April 27, 2018; 11:29:00 AM -04:00
-
CVE-2017-1116 —
IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. IBM X-Force ID: 121154.
Published: April 27, 2018; 11:29:00 AM -04:00
-
CVE-2018-6518 —
Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php.
Published: April 26, 2018; 10:29:00 AM -04:00
-
CVE-2018-1418 —
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824.
Published: April 26, 2018; 10:29:00 AM -04:00
-
CVE-2017-1724 —
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within... read CVE-2017-1724
Published: April 26, 2018; 10:29:00 AM -04:00
-
CVE-2017-1723 —
IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force... read CVE-2017-1723
Published: April 26, 2018; 10:29:00 AM -04:00
-
CVE-2017-1722 —
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 13... read CVE-2017-1722
Published: April 26, 2018; 10:29:00 AM -04:00
-
CVE-2017-1721 —
IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.
Published: April 26, 2018; 10:29:00 AM -04:00
-
CVE-2017-14740 —
Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu.
Published: April 26, 2018; 10:29:00 AM -04:00