Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2018-12043 content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page. | N/A | NONE | β | 0 |
| CVE-2011-0467 A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected ... | N/A | NONE | β | 0 |
| CVE-2018-0149 A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to con... | N/A | NONE | β | 0 |
| CVE-2018-0336 A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnera... | N/A | NONE | β | 0 |
| CVE-2018-0329 A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote att... | 5.3 | MEDIUM | β | 0 |
| CVE-2018-0332 A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS)... | N/A | NONE | β | 0 |
| CVE-2018-0334 A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could a... | N/A | NONE | β | 0 |
| CVE-2018-0335 A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to im... | N/A | NONE | β | 0 |
| CVE-2018-12047 xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12. | N/A | NONE | β | 0 |
| CVE-2018-12659 SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. | N/A | NONE | β | 0 |
| CVE-2018-0338 A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected ... | 7.8 | HIGH | β | 0 |
| CVE-2018-0339 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a u... | N/A | NONE | β | 0 |
| CVE-2018-0340 A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack agai... | N/A | NONE | β | 0 |
| CVE-2018-0352 A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. T... | N/A | NONE | β | 0 |
| CVE-2018-0354 A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of a... | N/A | NONE | β | 0 |
| CVE-2018-0355 A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of t... | 6.1 | MEDIUM | β | 0 |
| CVE-2018-0356 A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected ... | N/A | NONE | β | 0 |
| CVE-2018-0357 A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected ... | N/A | NONE | β | 0 |
| CVE-2018-3758 Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. | 8.8 | HIGH | β | 0 |
| CVE-2018-7682 Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains. | N/A | NONE | β | 0 |
| CVE-2018-11228 Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Prot... | N/A | NONE | β | 0 |
| CVE-2018-11229 Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protoco... | N/A | NONE | β | 0 |
| CVE-2018-12041 An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially constructed 802.11 frames. | N/A | NONE | β | 0 |
| CVE-2018-12045 DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php ... | N/A | NONE | β | 0 |
| CVE-2018-12046 DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a ne... | N/A | NONE | β | 0 |
| CVE-2018-12048 A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: t... | N/A | NONE | β | 0 |
| CVE-2018-12049 A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE... | N/A | NONE | β | 0 |
| CVE-2018-9177 Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen. | N/A | NONE | β | 0 |
| CVE-2018-9182 Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section. | N/A | NONE | β | 0 |
| CVE-2018-9246 The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting i... | N/A | NONE | β | 0 |
| CVE-2018-12051 Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg con... | N/A | NONE | β | 0 |
| CVE-2018-12052 SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php. | N/A | NONE | β | 0 |
| CVE-2018-12053 Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal. | N/A | NONE | β | 0 |
| CVE-2018-12054 Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal. | N/A | NONE | β | 0 |
| CVE-2018-12055 Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on. | N/A | NONE | β | 0 |
| CVE-2018-10088 Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725. | N/A | NONE | β | 0 |
| CVE-2018-11409 Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. | N/A | NONE | β | 0 |
| CVE-2018-12064 tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h. | N/A | NONE | β | 0 |
| CVE-2018-12065 A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing a... | N/A | NONE | β | 0 |
| CVE-2011-3172 A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12. | N/A | NONE | β | 0 |
| CVE-2017-12078 Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter. | N/A | NONE | β | 0 |
| CVE-2017-1405 IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392. | N/A | NONE | β | 0 |
| CVE-2018-1453 IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Fo... | N/A | NONE | β | 0 |
| CVE-2018-8925 Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators... | N/A | NONE | β | 0 |
| CVE-2018-8926 Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation atta... | N/A | NONE | β | 0 |
| CVE-2018-10358 A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the ... | N/A | NONE | β | 0 |
| CVE-2018-10359 A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the ... | N/A | NONE | β | 0 |
| CVE-2018-10505 A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the ... | N/A | NONE | β | 0 |
| CVE-2018-10506 A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a ... | N/A | NONE | β | 0 |
| CVE-2018-12066 BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.