National Vulnerability Database

Search Results

There are 112,832 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-8422

A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.

Published: February 17, 2019; 05:29:00 PM -05:00
(not available)
CVE-2019-8421

upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.

Published: February 17, 2019; 05:29:00 PM -05:00
(not available)
CVE-2019-8419

VNote 2.2 has XSS via a new text note.

Published: February 17, 2019; 05:29:00 PM -05:00
(not available)
CVE-2019-8418

SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.

Published: February 17, 2019; 04:29:00 PM -05:00
(not available)
CVE-2019-7649

global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.

Published: February 17, 2019; 04:29:00 PM -05:00
(not available)
CVE-2019-8413

On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).

Published: February 17, 2019; 02:29:00 PM -05:00
(not available)
CVE-2019-8412

FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal.

Published: February 17, 2019; 02:29:00 PM -05:00
(not available)
CVE-2019-8411

admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.

Published: February 17, 2019; 02:29:00 PM -05:00
(not available)
CVE-2019-8408

OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice.

Published: February 17, 2019; 01:29:00 PM -05:00
(not available)
CVE-2019-8407

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.

Published: February 17, 2019; 01:29:00 PM -05:00
(not available)
CVE-2018-20782

The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages.

Published: February 17, 2019; 01:29:00 PM -05:00
(not available)
CVE-2016-10742

Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.

Published: February 17, 2019; 11:29:00 AM -05:00
(not available)
CVE-2019-8393

Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.

Published: February 17, 2019; 10:29:00 AM -05:00
(not available)
CVE-2019-8400

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.

Published: February 17, 2019; 01:29:00 AM -05:00
(not available)
CVE-2019-8398

An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.

Published: February 17, 2019; 01:29:00 AM -05:00
(not available)
CVE-2019-8397

An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c.

Published: February 17, 2019; 01:29:00 AM -05:00
(not available)
CVE-2019-8396

A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."

Published: February 17, 2019; 01:29:00 AM -05:00
(not available)
CVE-2019-8395

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.

Published: February 16, 2019; 11:29:00 PM -05:00
(not available)
CVE-2019-8394

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.

Published: February 16, 2019; 11:29:00 PM -05:00
(not available)
CVE-2019-8392

An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead.

Published: February 16, 2019; 11:29:00 PM -05:00
(not available)