Total
129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1220 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'. | |||||
| CVE-2018-19620 | 1 Showdoc | 1 Showdoc | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. | |||||
| CVE-2018-19143 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2023-12-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. | |||||
| CVE-2019-7736 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. NOTE: this may overlap CVE-2019-13101. | |||||
| CVE-2018-18922 | 1 Abisoftgt | 1 Ticketly | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request. | |||||
| CVE-2018-16706 | 1 Lg | 1 Supersign Cms | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. | |||||
| CVE-2018-6669 | 1 Mcafee | 1 Application Change Control | 2023-12-10 | 5.2 MEDIUM | 8.0 HIGH |
| A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form. | |||||
| CVE-2019-6126 | 1 Advance Peer To Peer Mlm Script Project | 1 Advance Peer To Peer Mlm Script | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff. | |||||
| CVE-2019-6551 | 1 Pangea-comm | 1 Fax Ata | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condition. | |||||
| CVE-2018-19207 | 1 Van-ons | 1 Wp-gdpr-compliance | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018. | |||||
| CVE-2018-19109 | 1 Tianti Project | 1 Tianti | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column. | |||||
| CVE-2018-7526 | 1 Beaconmedaes | 2 Scroll Medical Air Systems, Scroll Medical Air Systems Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating. | |||||
| CVE-2017-17736 | 1 Kentico | 1 Kentico Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard. | |||||
| CVE-2018-0105 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269. | |||||
| CVE-2018-0198 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592. | |||||
| CVE-2018-0266 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218. | |||||
| CVE-2018-0140 | 1 Cisco | 19 Content Security Management Appliance, Content Security Management Appliance Sma M190, Content Security Management Appliance Sma M390 and 16 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295. | |||||
| CVE-2018-11346 | 1 Asustor | 2 As6202t, As6202t Firmware | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter. | |||||
| CVE-2018-0267 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 2.1 LOW | 6.5 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116. | |||||
| CVE-2017-14993 | 1 Oxid-esales | 1 Eshop | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka "forced browsing") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option. | |||||