CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
2551 CVE-2018-7544 134 DoS Exec Code +Info 2018-03-16 2018-04-10
6.4
None Remote Low Not required Partial None Partial
** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning.
2552 CVE-2018-7541 264 DoS +Priv 2018-02-27 2018-11-13
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
2553 CVE-2018-7528 89 Sql 2018-03-22 2018-04-18
6.4
None Remote Low Not required Partial Partial None
An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data.
2554 CVE-2018-7527 119 Overflow 2018-04-26 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.
2555 CVE-2018-7524 352 CSRF 2018-03-22 2018-04-18
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system.
2556 CVE-2018-7511 20 Exec Code Overflow 2018-03-20 2018-04-18
6.8
None Remote Medium Not required Partial Partial Partial
In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code.
2557 CVE-2018-7509 787 Exec Code Mem. Corr. 2018-05-04 2018-06-06
6.8
None Remote Medium Not required Partial Partial Partial
WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution.
2558 CVE-2018-7507 119 Exec Code Overflow 2018-05-04 2018-06-06
6.8
None Remote Medium Not required Partial Partial Partial
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
2559 CVE-2018-7495 22 Dir. Trav. 2018-05-15 2018-06-18
6.4
None Remote Low Not required None Partial Partial
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
2560 CVE-2018-7494 119 Exec Code Overflow 2018-05-04 2018-06-06
6.8
None Remote Medium Not required Partial Partial Partial
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
2561 CVE-2018-7487 119 DoS Overflow 2018-02-26 2018-04-07
6.8
None Remote Medium Not required Partial Partial Partial
There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
2562 CVE-2018-7486 284 Exec Code 2018-02-26 2018-03-22
6.5
None Remote Low Single system Partial Partial Partial
Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude("../pathname/executable.jpeg")[/m] approach, where executable.jpeg contains ColdFusion Markup Language code. This can be exploited in conjunction with a CKFinder feature that allows file upload.
2563 CVE-2018-7466 94 2018-02-25 2018-03-29
6.0
None Remote Medium Single system Partial Partial Partial
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
2564 CVE-2018-7442 22 Dir. Trav. 2018-02-23 2018-03-17
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.
2565 CVE-2018-7439 119 Overflow 2018-02-23 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.
2566 CVE-2018-7438 119 Overflow 2018-02-23 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.
2567 CVE-2018-7437 119 Overflow 2018-02-23 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function.
2568 CVE-2018-7436 119 Overflow 2018-02-23 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.
2569 CVE-2018-7435 119 Overflow 2018-02-23 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.
2570 CVE-2018-7407 704 Exec Code 2018-05-24 2018-06-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when rendering U3D images inside of pdf files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process.
2571 CVE-2018-7406 129 Exec Code 2018-05-24 2018-06-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the u3d images inside of a pdf. The issue results from the lack of proper validation of user-supplied data, which can result in an array indexing issue. An attacker can leverage this to execute code in the context of the current process.
2572 CVE-2018-7339 119 DoS Overflow 2018-02-23 2018-03-18
6.8
None Remote Medium Not required Partial Partial Partial
The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file.
2573 CVE-2018-7308 352 CSRF 2018-02-21 2018-03-16
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account.
2574 CVE-2018-7307 352 CSRF 2018-03-06 2018-03-28
6.8
None Remote Medium Not required Partial Partial Partial
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
2575 CVE-2018-7304 74 2018-02-21 2018-03-12
6.5
None Remote Low Single system Partial Partial Partial
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation.
2576 CVE-2018-7263 415 DoS 2018-02-20 2018-03-19
6.8
None Remote Medium Not required Partial Partial Partial
The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552.
2577 CVE-2018-7254 119 Overflow 2018-02-19 2018-03-19
6.8
None Remote Medium Not required Partial Partial Partial
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.
2578 CVE-2018-7253 119 Overflow 2018-02-19 2018-03-15
6.8
None Remote Medium Not required Partial Partial Partial
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
2579 CVE-2018-7249 416 2018-02-26 2018-03-22
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel.
2580 CVE-2018-7245 285 2018-04-18 2018-05-23
6.4
None Remote Low Not required None Partial Partial
An improper authorization vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization.
2581 CVE-2018-7240 264 DoS Exec Code 2018-04-18 2018-05-22
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.
2582 CVE-2018-7239 426 Exec Code 2018-03-09 2018-03-26
6.8
None Remote Medium Not required Partial Partial Partial
A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.
2583 CVE-2018-7237 20 2018-03-09 2018-03-27
6.4
None Remote Low Not required None Partial Partial
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system files due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file'.
2584 CVE-2018-7230 611 2018-03-09 2018-03-27
6.8
None Remote Medium Not required Partial Partial Partial
An XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67.
2585 CVE-2018-7219 352 CSRF 2018-02-19 2018-03-14
6.8
None Remote Medium Not required Partial Partial Partial
application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request.
2586 CVE-2018-7217 434 2018-02-18 2018-03-18
6.5
None Remote Low Single system Partial Partial Partial
In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an esop/evm/OPPreliminaryForms.do?formId=857 request.
2587 CVE-2018-7216 352 CSRF 2018-02-18 2018-03-16
6.0
None Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens.
2588 CVE-2018-7208 20 DoS 2018-02-17 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.
2589 CVE-2018-7206 264 2018-02-17 2018-03-20
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on the Hub. (Users were not allowed to access other users' accounts, but could create their own accounts on the Hub linked to their GitLab account. GitLab authentication not using gitlab_group_whitelist is unaffected. No other Authenticators are affected.)
2590 CVE-2018-7201 74 2019-05-22 2019-05-23
6.8
None Remote Medium Not required Partial Partial Partial
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
2591 CVE-2018-7176 352 CSRF 2018-02-15 2018-03-14
6.8
None Remote Medium Not required Partial Partial Partial
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
2592 CVE-2018-7160 254 Exec Code Bypass 2018-05-17 2018-06-27
6.8
None Remote Medium Not required Partial Partial Partial
The Node.js inspector in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser into bypassing same-origin-policy checks and allowing HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
2593 CVE-2018-7125 20 Exec Code 2019-06-05 2019-06-06
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
2594 CVE-2018-7107 89 Sql 2018-09-27 2018-11-21
6.5
None Remote Low Single system Partial Partial Partial
A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege.
2595 CVE-2018-7097 352 CSRF 2018-08-14 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery.
2596 CVE-2018-7092 22 Dir. Trav. 2018-08-06 2018-10-05
6.4
None Remote Low Not required None Partial Partial
A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion.
2597 CVE-2018-7060 352 CSRF 2018-08-06 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface.
2598 CVE-2018-6961 77 Exec Code 2018-06-11 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
2599 CVE-2018-6960 287 Bypass 2018-04-20 2018-05-22
6.5
None Remote Low Single system Partial Partial Partial
VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
2600 CVE-2018-6941 352 Exec Code XSS CSRF 2018-02-20 2018-03-13
6.8
None Remote Medium Not required Partial Partial Partial
A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.