Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-17426 |
WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI. Published: March 07, 2019; 6:29:01 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-17425 |
WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI. Published: March 07, 2019; 6:29:01 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-17422 |
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. Published: March 07, 2019; 6:29:01 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2018-17421 |
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17420 |
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-17419 |
An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-17418 |
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-17416 |
A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-17415 |
zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-17414 |
zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-17413 |
XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17412 |
zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-16809 |
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-16808 |
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16804 |
An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-14499 |
An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerablity via an article title to post.html. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-14498 |
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-12447 |
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2013-7468 |
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2013-7467 |
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter. Published: March 07, 2019; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |