Max CVSS 7.5 Min CVSS 4.0 Total Count43
IDCVSSSummaryLast (major) updatePublished
CVE-2018-18941 5.0
In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privilege
31-01-2019 - 14:29 31-01-2019 - 14:29
CVE-2018-18940 4.3
servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicio
31-01-2019 - 14:29 31-01-2019 - 14:29
CVE-2018-19862 7.5
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued.
03-01-2019 - 14:29 03-01-2019 - 14:29
CVE-2018-19861 7.5
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued.
03-01-2019 - 14:29 03-01-2019 - 14:29
CVE-2018-19505 4.0
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allo
03-01-2019 - 14:29 03-01-2019 - 14:29
CVE-2018-20211 6.8
ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an o
02-01-2019 - 13:29 02-01-2019 - 13:29
CVE-2018-20193 4.0
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (b
21-12-2018 - 18:29 21-12-2018 - 18:29
CVE-2018-19822 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19821 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19820 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19819 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19818 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19817 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/AdminAuthorisationFrame.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19816 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19815 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19814 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19813 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19812 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SubFolderPackages.jsp" has reflected XSS via the GroupId parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19811 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19810 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/GroupMove.jsp" has reflected XSS via the ConnPoolName, GroupId, or type parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19809 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/GroupCopy.jsp" has reflected XSS via the ConnPoolName, GroupId, or type parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19775 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "Variables.jsp" has reflected XSS via the ConnPoolName and GroupId parameters.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19774 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "PresentSpace.jsp" has reflected XSS via the GroupId and ConnPoolName parameters.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19773 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentUser.jsp" has reflected XSS via the GroupId and ConnPoolName parameters.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19772 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19771 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPool.jsp" has reflected XSS via the PropName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19770 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "Users.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19769 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "UserProperties.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19768 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "SubPagePackages.jsp" has reflected XSS via the ConnPoolName and GroupId parameters.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19767 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "PresentSpace.jsp" has reflected XSS via the ConnPoolName and GroupId parameters.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19766 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "GroupRessourceAdmin.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19765 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19649 4.3
XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19439 4.3
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/hel
13-12-2018 - 14:29 13-12-2018 - 14:29
CVE-2018-19754 6.5
Tarantella Enterprise before 3.11 allows bypassing Access Control.
05-12-2018 - 17:29 05-12-2018 - 17:29
CVE-2018-19753 5.0
Tarantella Enterprise before 3.11 allows Directory Traversal.
05-12-2018 - 17:29 05-12-2018 - 17:29
CVE-2018-18619 7.5
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute th
29-11-2018 - 17:29 29-11-2018 - 17:29
CVE-2018-18777 4.0
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slas
01-11-2018 - 13:29 01-11-2018 - 13:29
CVE-2018-18776 4.3
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.
01-11-2018 - 13:29 01-11-2018 - 13:29
CVE-2018-18775 4.3
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
01-11-2018 - 13:29 01-11-2018 - 13:29
CVE-2009-3903 4.3
Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. NOTE: the provenance of
02-02-2011 - 01:48 06-11-2009 - 10:30
CVE-2010-1910 5.1
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two
12-05-2010 - 00:00 12-05-2010 - 07:46
CVE-2004-2271 7.5
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
05-09-2008 - 16:43 31-12-2004 - 00:00
Back to Top Mark selected
Back to Top