CWE:
 



CVEMAP Search Results

| CVE | Details | Description |
| --- | --- | --- |
| 2019-04-17, Low, CVE-2018-20028 | Vendor: Contao; Software: Contao cms | Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control. |
| 2019-03-21, Medium, CVE-2018-18862 | Vendor: BMC; Software: Remedy actio... | BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. |
| 2019-01-03, Medium, CVE-2018-18004 | Vendor: Vivotek; Software: Camera | Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter. |
| 2018-12-21, Low, CVE-2018-20345 | Vendor: Stackstorm; Software: Stackstorm | Incorrect access control in StackStorm API (st2api) in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker (who has a StackStorm account and is authenticated against the StackStorm API) to retrieve datastore items for other users by utilizing the /v1/keys "?scope=all" and "?user=<username>" query filter parameters. Enterprise editions with RBAC enabled are not affected. |
| 2018-12-20, Medium, CVE-2018-6669 | Vendor: Mcafee; Software: Application ... | A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form. |
| 2018-12-13, Medium, CVE-2018-18922 | Vendor: Abisoftgt; Software: Ticketly | add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request. |
| 2018-11-28, Low, CVE-2018-19620 | Vendor: Showdoc; Software: Showdoc | ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. |
| 2018-11-17, Medium, CVE-2018-19329 | Vendor: Greencms; Software: Greencms | GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button. |
| 2018-11-12, Medium, CVE-2018-19207 | Vendor: Van-ons; Software: Wp-gdpr-comp... | The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018. |
| 2018-11-11, Medium, CVE-2018-19143 | Vendor: Debian; Software: Debian linux | Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. |

 

 


Copyright 2019, cxsecurity.com

 
