| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19492 | Hig | 0.51 | 7.8 | 0.02 | Nov 23, 2018 | An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This… | ||
| CVE-2018-19491 | Hig | 0.51 | 7.8 | 0.02 | Nov 23, 2018 | An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue… | ||
| CVE-2018-19490 | Hig | 0.51 | 7.8 | 0.02 | Nov 23, 2018 | An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right… | ||
| CVE-2018-19477 | Hig | 0.51 | 7.8 | 0.03 | Nov 23, 2018 | psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. | ||
| CVE-2018-19476 | Hig | 0.51 | 7.8 | 0.03 | Nov 23, 2018 | psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. | ||
| CVE-2018-19475 | Hig | 0.51 | 7.8 | 0.10 | Nov 23, 2018 | psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. | ||
| CVE-2018-19463 | Hig | 0.57 | 8.8 | 0.02 | Nov 22, 2018 | zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including.… | ||
| CVE-2018-19459 | Hig | 0.54 | 7.8 | 0.04 | Nov 22, 2018 | Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file. | ||
| CVE-2018-19458 | — | Hig | 0.54 | 7.5 | 0.33 | Nov 22, 2018 | In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. | |
| CVE-2018-19457 | Hig | 0.47 | 7.2 | 0.04 | Nov 22, 2018 | Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. | ||
| CVE-2018-19437 | Hig | 0.57 | 8.8 | 0.01 | Nov 22, 2018 | UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty. | ||
| CVE-2018-19436 | Hig | 0.47 | 7.2 | 0.01 | Nov 22, 2018 | An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter. | ||
| CVE-2018-19435 | Hig | 0.47 | 7.2 | 0.01 | Nov 22, 2018 | An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter. | ||
| CVE-2018-19434 | Hig | 0.47 | 7.2 | 0.01 | Nov 22, 2018 | An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter. | ||
| CVE-2018-19424 | Hig | 0.47 | 7.2 | 0.02 | Nov 21, 2018 | ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. | ||
| CVE-2018-19423 | Hig | 0.51 | 7.2 | 0.18 | Nov 21, 2018 | Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file. | ||
| CVE-2018-19422 | — | Hig | 0.01 | 7.2 | 0.64 | Nov 21, 2018 | /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. | |
| CVE-2018-19416 | Hig | 0.51 | 7.8 | 0.02 | Nov 21, 2018 | An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf. | ||
| CVE-2018-19411 | Hig | 0.57 | 8.8 | 0.01 | Nov 21, 2018 | PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights. | ||
| CVE-2018-19404 | Hig | 0.47 | 7.2 | 0.02 | Nov 21, 2018 | In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting… | ||
| CVE-2018-19396 | Hig | 0.49 | 7.5 | 0.05 | Nov 20, 2018 | ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. | ||
| CVE-2018-19395 | Hig | 0.49 | 7.5 | 0.04 | Nov 20, 2018 | ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a… | ||
| CVE-2018-18865 | Hig | 0.56 | 8.1 | 0.08 | Nov 20, 2018 | The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure. | ||
| CVE-2018-18859 | Hig | 0.54 | 7.8 | 0.02 | Nov 20, 2018 | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel… | ||
| CVE-2018-18858 | Hig | 0.54 | 7.8 | 0.02 | Nov 20, 2018 | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel… | ||
| CVE-2018-18857 | Hig | 0.54 | 7.8 | 0.02 | Nov 20, 2018 | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel… | ||
| CVE-2018-18856 | Hig | 0.54 | 7.8 | 0.02 | Nov 20, 2018 | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel… | ||
| CVE-2018-18773 | Hig | 0.60 | 8.8 | 0.03 | Nov 20, 2018 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. | ||
| CVE-2018-18772 | Hig | 0.60 | 8.8 | 0.03 | Nov 20, 2018 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. | ||
| CVE-2018-18564 | Hig | 0.48 | 7.4 | 0.01 | Nov 20, 2018 | An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000).… | ||
| CVE-2018-18562 | Hig | 0.57 | 8.8 | 0.01 | Nov 20, 2018 | An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service… | ||
| CVE-2018-18561 | Hig | 0.52 | 8.0 | 0.01 | Nov 20, 2018 | An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute… | ||
| CVE-2018-18440 | Hig | 0.51 | 7.8 | 0.01 | Nov 20, 2018 | DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled. | ||
| CVE-2018-1779 | Hig | 0.49 | 7.5 | 0.02 | Nov 20, 2018 | IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802. | ||
| CVE-2018-17906 | Hig | 0.57 | 8.8 | 0.01 | Nov 19, 2018 | Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system. | ||
| CVE-2018-18519 | Hig | 0.51 | 7.8 | 0.01 | Nov 19, 2018 | BestXsoftware Best Free Keylogger before 6.0.0 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group. | ||
| CVE-2018-19358 | Hig | 0.51 | 7.8 | 0.01 | Nov 18, 2018 | GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms… | ||
| CVE-2018-19349 | Hig | 0.47 | 7.2 | 0.01 | Nov 17, 2018 | In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. | ||
| CVE-2018-19348 | Hig | 0.46 | 7.1 | 0.02 | Nov 17, 2018 | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls… | ||
| CVE-2018-19347 | Hig | 0.46 | 7.1 | 0.02 | Nov 17, 2018 | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls… | ||
| CVE-2018-19346 | Hig | 0.46 | 7.1 | 0.02 | Nov 17, 2018 | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls… | ||
| CVE-2018-19345 | Hig | 0.46 | 7.1 | 0.02 | Nov 17, 2018 | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL… | ||
| CVE-2018-19344 | Hig | 0.46 | 7.1 | 0.02 | Nov 17, 2018 | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address may be used… | ||
| CVE-2018-19343 | Hig | 0.46 | 7.1 | 0.02 | Nov 17, 2018 | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a… | ||
| CVE-2018-19342 | Hig | 0.46 | 7.1 | 0.02 | Nov 17, 2018 | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at… | ||
| CVE-2018-19341 | Hig | 0.46 | 7.1 | 0.02 | Nov 17, 2018 | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL… | ||
| CVE-2018-19332 | Hig | 0.57 | 8.8 | 0.00 | Nov 17, 2018 | An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI. | ||
| CVE-2018-19331 | Hig | 0.49 | 7.5 | 0.01 | Nov 17, 2018 | An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter. | ||
| CVE-2018-19327 | Hig | 0.57 | 8.8 | 0.00 | Nov 17, 2018 | An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF. | ||
| CVE-2018-19326 | Hig | 0.50 | 7.5 | 0.10 | Nov 17, 2018 | Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. |
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This…
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue…
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right…
- risk 0.51cvss 7.8epss 0.03
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
- risk 0.51cvss 7.8epss 0.03
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
- risk 0.51cvss 7.8epss 0.10
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
- risk 0.57cvss 8.8epss 0.02
zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including.…
- risk 0.54cvss 7.8epss 0.04
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.
- risk 0.54cvss 7.5epss 0.33
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
- risk 0.47cvss 7.2epss 0.04
Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.
- risk 0.57cvss 8.8epss 0.01
UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty.
- risk 0.47cvss 7.2epss 0.01
An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter.
- risk 0.47cvss 7.2epss 0.01
An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.
- risk 0.47cvss 7.2epss 0.01
An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter.
- risk 0.47cvss 7.2epss 0.02
ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files.
- risk 0.51cvss 7.2epss 0.18
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
- risk 0.01cvss 7.2epss 0.64
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf.
- risk 0.57cvss 8.8epss 0.01
PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights.
- risk 0.47cvss 7.2epss 0.02
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting…
- risk 0.49cvss 7.5epss 0.05
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.
- risk 0.49cvss 7.5epss 0.04
ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a…
- risk 0.56cvss 8.1epss 0.08
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.
- risk 0.54cvss 7.8epss 0.02
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel…
- risk 0.54cvss 7.8epss 0.02
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel…
- risk 0.54cvss 7.8epss 0.02
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel…
- risk 0.54cvss 7.8epss 0.02
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel…
- risk 0.60cvss 8.8epss 0.03
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
- risk 0.60cvss 8.8epss 0.03
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
- risk 0.48cvss 7.4epss 0.01
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000).…
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service…
- risk 0.52cvss 8.0epss 0.01
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute…
- risk 0.51cvss 7.8epss 0.01
DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.
- risk 0.49cvss 7.5epss 0.02
IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.
- risk 0.57cvss 8.8epss 0.01
Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.
- risk 0.51cvss 7.8epss 0.01
BestXsoftware Best Free Keylogger before 6.0.0 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group.
- risk 0.51cvss 7.8epss 0.01
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms…
- risk 0.47cvss 7.2epss 0.01
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
- risk 0.46cvss 7.1epss 0.02
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls…
- risk 0.46cvss 7.1epss 0.02
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls…
- risk 0.46cvss 7.1epss 0.02
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls…
- risk 0.46cvss 7.1epss 0.02
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL…
- risk 0.46cvss 7.1epss 0.02
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address may be used…
- risk 0.46cvss 7.1epss 0.02
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a…
- risk 0.46cvss 7.1epss 0.02
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at…
- risk 0.46cvss 7.1epss 0.02
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL…
- risk 0.57cvss 8.8epss 0.00
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter.
- risk 0.57cvss 8.8epss 0.00
An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF.
- risk 0.50cvss 7.5epss 0.10
Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd.