CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2501 CVE-2018-7752 119 Overflow 2018-03-07 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.
2502 CVE-2018-7748 94 Exec Code 2018-08-03 2018-10-05
6.5
None Remote Low Single system Partial Partial Partial
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.
2503 CVE-2018-7735 89 Sql 2018-03-06 2018-03-26
6.5
None Remote Low Single system Partial Partial Partial
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes request.
2504 CVE-2018-7734 89 Sql 2018-03-06 2018-03-26
6.5
None Remote Low Single system Partial Partial Partial
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request.
2505 CVE-2018-7733 352 CSRF 2018-03-06 2018-03-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/add_post.html.
2506 CVE-2018-7720 352 CSRF 2018-03-07 2018-03-28
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation.
2507 CVE-2018-7711 347 2018-03-05 2018-03-29
6.8
None Remote Medium Not required Partial Partial Partial
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value.
2508 CVE-2018-7702 306 2018-03-14 2018-04-06
6.4
None Remote Low Not required Partial Partial None
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
2509 CVE-2018-7700 352 Exec Code CSRF 2018-03-27 2018-04-19
6.8
None Remote Medium Not required Partial Partial Partial
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.
2510 CVE-2018-7677 352 CSRF 2018-03-14 2018-03-29
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
2511 CVE-2018-7643 190 DoS Overflow 2018-03-02 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.
2512 CVE-2018-7641 119 Overflow 2018-03-02 2018-03-14
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32.
2513 CVE-2018-7640 119 Overflow 2018-03-02 2018-03-14
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.
2514 CVE-2018-7639 119 Overflow 2018-03-02 2018-03-14
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16.
2515 CVE-2018-7638 119 Overflow 2018-03-02 2018-03-14
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8.
2516 CVE-2018-7637 119 Overflow 2018-03-02 2018-03-14
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4.
2517 CVE-2018-7634 352 CSRF 2018-03-01 2018-03-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover.
2518 CVE-2018-7590 352 CSRF 2018-03-01 2018-03-16
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.
2519 CVE-2018-7589 415 2018-03-01 2019-06-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.
2520 CVE-2018-7588 119 Overflow 2018-03-01 2019-06-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
2521 CVE-2018-7587 119 Overflow 2018-03-01 2019-06-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
2522 CVE-2018-7579 89 Sql 2018-03-01 2018-03-22
6.5
None Remote Low Single system Partial Partial Partial
\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html.
2523 CVE-2018-7565 352 CSRF 2018-03-07 2018-03-26
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists on Polycom QDX 6000 devices.
2524 CVE-2018-7562 434 Exec Code 2018-03-12 2018-04-11
6.0
None Remote Medium Single system Partial Partial Partial
A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php.
2525 CVE-2018-7556 200 +Info 2018-02-28 2018-03-23
6.4
None Remote Low Not required Partial Partial None
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.
2526 CVE-2018-7544 134 DoS Exec Code +Info 2018-03-16 2018-04-10
6.4
None Remote Low Not required Partial None Partial
** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning.
2527 CVE-2018-7541 264 DoS +Priv 2018-02-27 2018-11-13
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
2528 CVE-2018-7528 89 Sql 2018-03-22 2018-04-18
6.4
None Remote Low Not required Partial Partial None
An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data.
2529 CVE-2018-7527 119 Overflow 2018-04-26 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.
2530 CVE-2018-7524 352 CSRF 2018-03-22 2018-04-18
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system.
2531 CVE-2018-7511 20 Exec Code Overflow 2018-03-20 2018-04-18
6.8
None Remote Medium Not required Partial Partial Partial
In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code.
2532 CVE-2018-7509 787 Exec Code Mem. Corr. 2018-05-04 2018-06-06
6.8
None Remote Medium Not required Partial Partial Partial
WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution.
2533 CVE-2018-7507 119 Exec Code Overflow 2018-05-04 2018-06-06
6.8
None Remote Medium Not required Partial Partial Partial
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
2534 CVE-2018-7495 22 Dir. Trav. 2018-05-15 2018-06-18
6.4
None Remote Low Not required None Partial Partial
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
2535 CVE-2018-7494 119 Exec Code Overflow 2018-05-04 2018-06-06
6.8
None Remote Medium Not required Partial Partial Partial
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
2536 CVE-2018-7487 119 DoS Overflow 2018-02-26 2018-04-07
6.8
None Remote Medium Not required Partial Partial Partial
There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A Crafted input will lead to a denial of service or possibly unspecified other impact.
2537 CVE-2018-7486 284 Exec Code 2018-02-26 2018-03-22
6.5
None Remote Low Single system Partial Partial Partial
Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude("../pathname/executable.jpeg")[/m] approach, where executable.jpeg contains ColdFusion Markup Language code. This can be exploited in conjunction with a CKFinder feature that allows file upload.
2538 CVE-2018-7466 94 2018-02-25 2018-03-29
6.0
None Remote Medium Single system Partial Partial Partial
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
2539 CVE-2018-7442 22 Dir. Trav. 2018-02-23 2018-03-17
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.
2540 CVE-2018-7439 119 Overflow 2018-02-23 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.
2541 CVE-2018-7438 119 Overflow 2018-02-23 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.
2542 CVE-2018-7437 119 Overflow 2018-02-23 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function.
2543 CVE-2018-7436 119 Overflow 2018-02-23 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.
2544 CVE-2018-7435 119 Overflow 2018-02-23 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.
2545 CVE-2018-7407 704 Exec Code 2018-05-24 2018-06-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when rendering U3D images inside of pdf files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process.
2546 CVE-2018-7406 129 Exec Code 2018-05-24 2018-06-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the u3d images inside of a pdf. The issue results from the lack of proper validation of user-supplied data, which can result in an array indexing issue. An attacker can leverage this to execute code in the context of the current process.
2547 CVE-2018-7339 119 DoS Overflow 2018-02-23 2018-03-18
6.8
None Remote Medium Not required Partial Partial Partial
The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file.
2548 CVE-2018-7308 352 CSRF 2018-02-21 2018-03-16
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account.
2549 CVE-2018-7307 352 CSRF 2018-03-06 2018-03-28
6.8
None Remote Medium Not required Partial Partial Partial
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
2550 CVE-2018-7304 74 2018-02-21 2018-03-12
6.5
None Remote Low Single system Partial Partial Partial
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.