) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2018-11564 |
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack. Published: June 01, 2018; 9:29:05 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2018-11522 |
Yosoro 1.0.4 has stored XSS. Published: June 01, 2018; 9:29:05 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-11194 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2018-11193 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2018-11192 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2018-11191 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2018-11190 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2018-11189 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2018-11188 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-11187 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-11186 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-11185 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-11184 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-11183 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-11182 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-11181 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-11180 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-11179 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-11178 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-11177 |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46). Published: June 01, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |