CVE-2018-5702 CVSS:0.0
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack. (Last Update:2018-01-15) (Publish Update:2018-01-15)
CVE-2018-5700 CVSS:0.0
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder. (Last Update:2018-01-14) (Publish Update:2018-01-14)
CVE-2018-5698 CVSS:0.0
libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5697 CVSS:0.0
Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5696 CVSS:0.0
The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5695 CVSS:0.0
The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5694 CVSS:0.0
The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5693 CVSS:0.0
The LinuxMagic MagicSpam extension 2.0.13 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5692 CVSS:0.0
Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5691 CVSS:0.0
SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5690 CVSS:0.0
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number). (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5689 CVSS:0.0
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5688 CVSS:0.0
ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component. (Last Update:2018-01-14) (Publish Update:2018-01-14)
CVE-2018-5687 CVSS:0.0
NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5686 CVSS:0.0
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5685 CVSS:0.0
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5684 CVSS:0.0
In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file. (Last Update:2018-01-14) (Publish Update:2018-01-13)
CVE-2018-5682 CVSS:0.0
PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message. (Last Update:2018-01-14) (Publish Update:2018-01-13)
CVE-2018-5681 CVSS:0.0
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5673 CVSS:0.0
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php. (Last Update:2018-01-12) (Publish Update:2018-01-12)
CVE-2018-5672 CVSS:0.0
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter. (Last Update:2018-01-12) (Publish Update:2018-01-12)
CVE-2018-5671 CVSS:0.0
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter. (Last Update:2018-01-12) (Publish Update:2018-01-12)
CVE-2018-5670 CVSS:0.0
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter. (Last Update:2018-01-12) (Publish Update:2018-01-12)
CVE-2018-5669 CVSS:0.0
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php. (Last Update:2018-01-12) (Publish Update:2018-01-12)
CVE-2018-5668 CVSS:0.0
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_title parameter. (Last Update:2018-01-12) (Publish Update:2018-01-12)
CVE-2018-5667 CVSS:0.0
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_pattern parameter. (Last Update:2018-01-12) (Publish Update:2018-01-12)
CVE-2018-5666 CVSS:0.0
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php bg_color parameter. (Last Update:2018-01-12) (Publish Update:2018-01-12)
CVE-2018-5665 CVSS:0.0
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_height parameter. (Last Update:2018-01-12) (Publish Update:2018-01-12)
CVE-2018-5664 CVSS:0.0
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php social_icon_1 parameter. (Last Update:2018-01-12) (Publish Update:2018-01-12)
CVE-2018-5663 CVSS:0.0
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php button_text_link parameter. (Last Update:2018-01-12) (Publish Update:2018-01-12)
This vulnerability list widget is provided by www.cvedetails.com