Search Results (24694 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2018-13315 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A | Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request. |
| CVE-2018-13297 | 1 Synology | 1 Drive Server | 2024-11-21 | N/A | Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. |
| CVE-2018-13295 | 1 Synology | 1 Application Service | 2024-11-21 | N/A | Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter. |
| CVE-2018-13294 | 1 Synology | 1 Application Service | 2024-11-21 | N/A | Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter. |
| CVE-2018-13292 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A | Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. |
| CVE-2018-13290 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A | Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. |
| CVE-2018-13289 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A | Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. |
| CVE-2018-13288 | 1 Synology | 1 File Station | 2024-11-21 | N/A | Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. |
| CVE-2018-13259 | 3 Canonical, Redhat, Zsh | 3 Ubuntu Linux, Enterprise Linux, Zsh | 2024-11-21 | N/A | An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. |
| CVE-2018-13258 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. |
| CVE-2018-13123 | 1 Onefilecms | 1 Onefilecms | 2024-11-21 | N/A | onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file. |
| CVE-2018-13115 | 1 Keruigroup | 2 Ypc99, Ypc99 Firmware | 2024-11-21 | N/A | Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user. |
| CVE-2018-13111 | 1 Wanscam | 2 Hw0021, Hw0021 Firmware | 2024-11-21 | N/A | There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. An attacker could craft a malicious POST request to crash the ONVIF service on such a device. |
| CVE-2018-13056 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A | An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock. |
| CVE-2018-13042 | 1 1password | 1 1password | 2024-11-21 | N/A | The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance. |
| CVE-2018-12999 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A | Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. |
| CVE-2018-12997 | 1 Zohocorp | 5 Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 2 more | 2024-11-21 | 7.5 High | Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. |
| CVE-2018-12990 | 1 Phpwcms | 1 Phpwcms | 2024-11-21 | N/A | phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. |
| CVE-2018-12988 | 1 Greencms | 1 Greencms | 2024-11-21 | N/A | GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI. |
| CVE-2018-12959 | 1 Aditustoken Project | 1 Aditustoken | 2024-11-21 | N/A | The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account). |