| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-10298 |
|
|
2018-04-22 |
N/A |
| Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content. |
| CVE-2018-10297 |
|
|
2018-04-22 |
N/A |
| Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images. |
| CVE-2017-17902 |
|
|
2018-04-22 |
N/A |
| SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI. |
| CVE-2017-17889 |
|
|
2018-04-22 |
N/A |
| Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php. |
| CVE-2018-10296 |
|
|
2018-04-22 |
N/A |
| MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter. |
| CVE-2018-10295 |
|
|
2018-04-22 |
N/A |
| ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account. |
| CVE-2018-9245 |
|
|
2018-04-22 |
N/A |
| The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system. |
| CVE-2018-10286 |
|
|
2018-04-22 |
N/A |
| The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to... |
| CVE-2018-10285 |
|
|
2018-04-22 |
N/A |
| The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication. |
| CVE-2018-10289 |
|
|
2018-04-22 |
N/A |
| In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file. |
| CVE-2018-7747 |
|
|
2018-04-22 |
N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction... |
| CVE-2018-6960 |
|
|
2018-04-22 |
N/A |
| VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. |
| CVE-2018-3843 |
|
|
2018-04-22 |
N/A |
| An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can... |
| CVE-2018-3842 |
|
|
2018-04-22 |
N/A |
| An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker... |
| CVE-2018-3839 |
|
|
2018-04-22 |
N/A |
| An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An... |
| CVE-2018-3838 |
|
|
2018-04-22 |
N/A |
| An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure.... |
| CVE-2018-3837 |
|
|
2018-04-22 |
N/A |
| An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information... |
| CVE-2018-2819 |
|
|
2018-04-22 |
N/A |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2018-2818 |
|
|
2018-04-22 |
N/A |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows... |
| CVE-2018-2817 |
|
|
2018-04-22 |
N/A |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged... |
