

CVEMAP Search Results

CVE
Details
Description
2018-09-07
Low
CVE-2017-1115

Vendor: IBM
Software: Campaign
 

 
IBM Campaign 9.1, 9.1.2, and 10 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.

 
High
CVE-2018-16651

Vendor: Phpmyfaq
Software: Phpmyfaq
 

 
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.

 
2018-09-01
Medium
CVE-2018-16308

Vendor: Ninjaforms
Software: Ninja forms
 

 
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.

 
2018-08-31
Medium
CVE-2018-16275

 

 
OPSWAT MetaDefender before v4.11.2 allows CSV injection.

 
2018-08-30
Medium
CVE-2018-16157

Vendor: Bijiadao
Software: Waimai super cms
 

 
waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free.

 
2018-08-29
Medium
CVE-2018-16056

Vendor: Wireshark
Software: Wireshark
 

 
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.

 
Medium
CVE-2018-16057

Vendor: Wireshark
Software: Wireshark
 

 
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.

 
Medium
CVE-2018-16058

Vendor: Wireshark
Software: Wireshark
 

 
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.

 
2018-08-28
Low
CVE-2018-15608

Vendor: Manageengine
Software: Admanager plus
 

 
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.

 
Medium
CVE-2018-15571

Vendor: Export users to csv project
Software: Export users...
 

 
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.

 

 


Copyright 2018, cxsecurity.com

 
