CVE-2018

CVE
CVE Description
Reference

CVE-2018-1000811

Bludit version 3.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appears to be exploitable by a malicious user uploading a crafted payload containing PHP code.

CVE-2018-20418

index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.

CVE-2018-1821

IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170.

CVE-2018-13045

SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the "id" parameter.

CVE-2018-19933

Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry.

CVE-2018-19829

Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.

CVE-2018-19828

Artica Integria IMS 5.0.83 has XSS via the search_string parameter.

CVE-2018-15535

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal.

CVE-2018-15877

The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.

CVE-2018-15745

Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.

CVE-2018-16133

Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.

CVE-2018-16134

Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.

CVE-2018-15844

An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.

CVE-2018-14497

Tenda D152 ADSL routers allow XSS via a crafted SSID.

CVE-2018-15917

Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.

CVE-2018-15918

An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.

CVE-2018-16059

Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.

CVE-2018-10763

Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.

CVE-2018-1756

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view information in the back-end database. IBM X-Force ID: 148599.

CVE-2018-1306

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.

CVE-2018-17254

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.

CVE-2018-1002000

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.

CVE-2018-1002001

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.

CVE-2018-1002002

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.

CVE-2018-1002003

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.

CVE-2018-1002004

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.

CVE-2018-1002005

These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.

CVE-2018-1002006

These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes.

CVE-2018-1002007

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.

CVE-2018-1002008

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.

CVE-2018-1002009

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET request to the email variable.

CVE-2018-16736

In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).

CVE-2018-16283

The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.

CVE-2018-16299

The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.

CVE-2018-17255

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-14014. Reason: This candidate is a reservation duplicate of CVE-2020-14014. Notes: All CVE users should reference CVE-2020-14014 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

CVE-2018-16288

LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.

CVE-2018-17173

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.

CVE-2018-17128

A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.

CVE-2018-17391

SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.

CVE-2018-17379

SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter.

CVE-2018-2791

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).

CVE-2018-11415

SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.

CVE-2018-7312

SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.

CVE-2018-7318

SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.

CVE-2018-6222

Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system.

CVE-2018-6223

A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters.

CVE-2018-6225

An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.

CVE-2018-6226

Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems.

CVE-2018-6227

A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems.

CVE-2018-6228

A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.

CVE-2018-6229

A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.

CVE-2018-7600

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

CVE-2018-6230

A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.

CVE-2018-7477

SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php.

CVE-2018-7448

Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.

CVE-2018-6193

A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl.

CVE-2018-6936

Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account.

CVE-2018-7490

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.

CVE-2018-7474

An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.

CVE-2018-7703

Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe.

CVE-2018-7705

Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx.

CVE-2018-7701

Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe.

CVE-2018-7538

SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.

CVE-2018-7543

Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.

CVE-2018-8772

Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the "Wireless Setting - Basic" screen.

CVE-2018-7422

A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.

CVE-2018-7171

Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all.

CVE-2018-7203

Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all.

CVE-2018-0878

Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability".

CVE-2018-8903

Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.

CVE-2018-8979

Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.

CVE-2018-9034

Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.

CVE-2018-9035

CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.

CVE-2018-7297

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.

CVE-2018-9107

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.

CVE-2018-9106

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export.

CVE-2018-5708

An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML.

CVE-2018-8815

Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.

CVE-2018-9183

The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS.

CVE-2018-7653

In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.

CVE-2018-7736

In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability.

CVE-2018-9173

Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.

CVE-2018-8729

Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped.

CVE-2018-7746

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.

CVE-2018-9238

proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter.

CVE-2018-9235

iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.

CVE-2018-9236

iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.

CVE-2018-9237

iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field.

CVE-2018-1217

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials.

CVE-2018-9172

The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.

CVE-2018-9844

The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.

CVE-2018-10063

The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file.

CVE-2018-8057

A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php.

CVE-2018-9857

PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen).

CVE-2018-8831

A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.

CVE-2018-7747

Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.

CVE-2018-10077

XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.

CVE-2018-10078

Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.

CVE-2018-3811

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query.

CVE-2018-5315

The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.

CVE-2018-5263

The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS.

CVE-2018-5370

BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI.

CVE-2018-5479

FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.

CVE-2018-5688

ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.

CVE-2018-5705

Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.

CVE-2018-5715

phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).

CVE-2018-5985

SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request.

CVE-2018-5977

SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request.

CVE-2018-5986

SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php.

CVE-2018-5979

SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field.

CVE-2018-5978

SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field.

CVE-2018-5972

SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI.

CVE-2018-5988

SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.

CVE-2018-5973

SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.

CVE-2018-6363

SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.

CVE-2018-6365

SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.

CVE-2018-6367

SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.

CVE-2018-6364

SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.

CVE-2018-6398

SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.

CVE-2018-6395

SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.

CVE-2018-6577

SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.

CVE-2018-6578

SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.

CVE-2018-6576

SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.

CVE-2018-6579

SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.

CVE-2018-6575

SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request.

CVE-2018-6581

SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.

CVE-2018-6605

SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.

CVE-2018-6604

SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request.

CVE-2018-6582

SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.

CVE-2018-6609

SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.

CVE-2018-6190

Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.

CVE-2018-6845

PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field.

CVE-2018-6888

An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from a critical Cross-Site Request Forgery flaw: using a forged HTTP request, a malicious user can lead a user to unknowingly create, delete, or modify a user account due to the lack of an anti-CSRF token.

CVE-2018-6940

A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF.

CVE-2018-5993

SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.

CVE-2018-5990

SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.

CVE-2018-6584

SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.

CVE-2018-6373

SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.

CVE-2018-6004

SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.

CVE-2018-5991

SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.

CVE-2018-5981

SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter.

CVE-2018-6396

SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.

CVE-2018-6394

SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.

CVE-2018-6372

SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.

CVE-2018-5970

SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.

CVE-2018-6368

SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.

CVE-2018-6006

SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.

CVE-2018-5994

SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.

CVE-2018-5971

SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.

CVE-2018-6024

SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.

CVE-2018-6005

SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.

CVE-2018-5974

SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.

CVE-2018-5975

SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.

CVE-2018-5980

SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.

CVE-2018-5992

SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.

CVE-2018-6583

SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.

CVE-2018-5987

SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action.

CVE-2018-5989

SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.

CVE-2018-7180

SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.

CVE-2018-7177

SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.

CVE-2018-7179

SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.

CVE-2018-7178

SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.

CVE-2018-7176

FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).

CVE-2018-7198

October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.

CVE-2018-7313

SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.

CVE-2018-7314

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.

CVE-2018-7315

SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.

CVE-2018-5983

SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request.

CVE-2018-6585

SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.

CVE-2018-9205

Vulnerability in avatar_uploader v7.x-1.0-beta8: the code in view.php doesn't verify users or sanitize the file path.

CVE-2018-10109

Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.

CVE-2018-10310

A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.

CVE-2018-10312

index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.

CVE-2018-9137

Open-AudIT before 2.2 has CSV Injection.

CVE-2018-10258

A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

CVE-2018-10255

A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

CVE-2018-10257

A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

CVE-2018-10256

A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.

CVE-2018-10259

An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.

CVE-2018-10260

A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.

CVE-2018-7602

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

CVE-2018-10366

An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.

CVE-2018-10365

An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized.

CVE-2018-10321

Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.

CVE-2018-10504

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.

CVE-2018-10309

The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.

CVE-2018-10371

An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows arbitrary HTML/script code to be executed in a victim's web browser via a page title.

CVE-2018-10757

CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.

CVE-2018-10580

The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field.

CVE-2018-9155

Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI).

CVE-2018-10314

Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.

CVE-2018-10313

WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.

CVE-2018-10311

A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.

CVE-2018-5430

The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.

CVE-2018-7465

An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.

CVE-2018-1247

RSA Authentication Manager Security Console, version 8.3 and earlier, contains an XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application.

CVE-2018-9163

A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.

CVE-2018-11339

An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.

CVE-2018-11443

The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.

CVE-2018-11444

A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.

CVE-2018-11332

Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.

CVE-2018-11403

DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.

CVE-2018-11404

DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.

CVE-2018-11512

Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.

CVE-2018-11535

An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection.

CVE-2018-11523

upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.

CVE-2018-11532

An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field.

CVE-2018-11538

servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.

CVE-2018-11522

Yosoro 1.0.4 has stored XSS.

CVE-2018-10094

SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.

CVE-2018-11670

An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.

CVE-2018-11628

Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.

CVE-2018-11715

The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject.

CVE-2018-11581

Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.

CVE-2018-10969

SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.

CVE-2018-12052

SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q parameter in get_sec.php.

CVE-2018-12054

Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.

CVE-2018-12095

A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php.

CVE-2018-12094

Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVE-2018-12613

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).

CVE-2018-11525

The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.

CVE-2018-12705

DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).

CVE-2018-11526

The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.

CVE-2018-12636

The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.

CVE-2018-12912

An issue was discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.

CVE-2018-12519

An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.

CVE-2018-8738

Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS.

CVE-2018-13849

edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace.


Last updated 1 month ago
