• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-287

CVE-2018-19645

February 26, 2023 by

An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

CVE-2018-19505

February 26, 2023 by

Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call.

CVE-2018-19458

February 26, 2023 by

In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.

CVE-2018-19392

February 26, 2023 by

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account’s password (including the default “admin” account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields).

CVE-2018-19249

February 26, 2023 by

The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the actual card used in the transaction.

CVE-2018-19076

February 26, 2023 by

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP).

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 64
  • Go to page 65
  • Go to page 66
  • Go to page 67
  • Go to page 68
  • Interim pages omitted …
  • Go to page 289
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE