Latest CVE Feed
-
9.3
HIGHCVE-2018-10750
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause ... Read more
- Published: May. 04, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2018-10749
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corr... Read more
- Published: May. 04, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2018-10748
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corrupti... Read more
- Published: May. 04, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2018-10747
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corru... Read more
- Published: May. 04, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2018-10746
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corru... Read more
- Published: May. 04, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-10740
Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file.... Read more
Affected Products : axublog- Published: May. 04, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2018-10739
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe allows local users to bypass intended process protections, and consequently terminate process, because WM_SYSCOMMAND is not properly considered.... Read more
Affected Products : 2345_security_guard- Published: May. 04, 2018
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2018-10738
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.... Read more
Affected Products : nagios_xi- Published: May. 16, 2018
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2018-10737
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.... Read more
Affected Products : nagios_xi- Published: May. 16, 2018
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2018-10736
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.... Read more
Affected Products : nagios_xi- Published: May. 16, 2018
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2018-10735
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.... Read more
Affected Products : nagios_xi- Published: May. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-10734
KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.... Read more
Affected Products : d303_firmware d305_firmware d403_firmware a303_firmware a403_firmware d303 d305 d403 a303 a403- Published: May. 08, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2018-10733
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.... Read more
Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation leap ansible_tower libgxps- Published: May. 04, 2018
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2018-10732
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.... Read more
Affected Products : data_science_studio- Published: May. 28, 2018
- Modified: Nov. 21, 2024
-
9.3
HIGHCVE-2018-10731
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).... Read more
Affected Products : fl_switch_3005_firmware fl_switch_3005t_firmware fl_switch_3004t-fx_firmware fl_switch_3004t-fx_st_firmware fl_switch_3008_firmware fl_switch_3008t_firmware fl_switch_3006t-2fx_firmware fl_switch_3006t-2fx_st_firmware fl_switch_3012e-2sfx_firmware fl_switch_3016e_firmware +48 more products- Published: May. 17, 2018
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2018-10730
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.... Read more
Affected Products : fl_switch_3005_firmware fl_switch_3005t_firmware fl_switch_3004t-fx_firmware fl_switch_3004t-fx_st_firmware fl_switch_3008_firmware fl_switch_3008t_firmware fl_switch_3006t-2fx_firmware fl_switch_3006t-2fx_st_firmware fl_switch_3012e-2sfx_firmware fl_switch_3016e_firmware +48 more products- Published: May. 17, 2018
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2018-10729
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user.... Read more
Affected Products : fl_switch_3005_firmware fl_switch_3005t_firmware fl_switch_3004t-fx_firmware fl_switch_3004t-fx_st_firmware fl_switch_3008_firmware fl_switch_3008t_firmware fl_switch_3006t-2fx_firmware fl_switch_3006t-2fx_st_firmware fl_switch_3012e-2sfx_firmware fl_switch_3016e_firmware +48 more products- Published: May. 17, 2018
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2018-10728
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).... Read more
Affected Products : fl_switch_3005_firmware fl_switch_3005t_firmware fl_switch_3004t-fx_firmware fl_switch_3004t-fx_st_firmware fl_switch_3008_firmware fl_switch_3008t_firmware fl_switch_3006t-2fx_firmware fl_switch_3006t-2fx_st_firmware fl_switch_3012e-2sfx_firmware fl_switch_3016e_firmware +48 more products- Published: May. 17, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2018-10727
Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header.... Read more
Affected Products : fabrik- Published: Oct. 29, 2019
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2018-10726
A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/c... Read more
Affected Products : yellow- Published: May. 04, 2018
- Modified: Nov. 21, 2024