CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2018 (CVSS score >= 7)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000810 190 Overflow 2018-10-08 2019-01-04
7.5
None Remote Low Not required Partial Partial Partial
The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in the standard library that can result in a buffer overflow. This attack appears to be exploitable via str::repeat, which, when passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1.
2 CVE-2018-1000804 119 Exec Code Overflow Sql 2018-10-08 2019-09-27
10.0
None Remote Low Not required Complete Complete Complete
contiki-ng version 4 contains a Buffer Overflow vulnerability in the AQL (Antelope Query Language) database engine that can allow an attacker to perform Remote Code Execution on a device using the Contiki-NG operating system. This attack appears to be exploitable when the attacker is able to run malicious AQL code (e.g. via a SQL-like Injection attack).
3 CVE-2018-18892 94 Exec Code 2018-10-31 2018-12-03
7.5
None Remote Low Not required Partial Partial Partial
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
4 CVE-2018-18887 89 Sql 2018-10-31 2018-12-07
7.5
None Remote Low Not required Partial Partial Partial
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
5 CVE-2018-18883 476 DoS 2018-10-31 2019-01-24
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.
6 CVE-2018-18874 434 Exec Code 2018-10-31 2018-12-10
7.5
None Remote Low Not required Partial Partial Partial
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.
7 CVE-2018-18869 22 Exec Code Dir. Trav. 2018-10-31 2018-12-10
7.5
None Remote Low Not required Partial Partial Partial
EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.
8 CVE-2018-18850 20 Exec Code 2018-10-30 2018-12-31
9.0
None Remote Low Single system Complete Complete Complete
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).
9 CVE-2018-18835 94 Exec Code 2018-10-30 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.
10 CVE-2018-18834 119 Overflow 2018-10-30 2018-12-07
7.5
None Remote Low Not required Partial Partial Partial
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.
11 CVE-2018-18832 89 Sql 2018-10-30 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.
12 CVE-2018-18830 434 Exec Code 2018-10-30 2018-12-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.
13 CVE-2018-18822 89 Sql 2018-10-30 2018-12-18
7.5
None Remote Low Not required Partial Partial Partial
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
14 CVE-2018-18792 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.
15 CVE-2018-18791 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.
16 CVE-2018-18789 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.
17 CVE-2018-18787 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.
18 CVE-2018-18786 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.
19 CVE-2018-18785 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.
20 CVE-2018-18752 434 2018-10-29 2018-12-07
7.5
None Remote Low Not required Partial Partial Partial
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.
21 CVE-2018-18751 415 2018-10-29 2018-12-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
22 CVE-2018-18730 119 Overflow 2018-10-29 2018-12-14
7.8
None Remote Low Not required None None Complete
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.
23 CVE-2018-18729 787 Overflow +Info 2018-10-29 2019-10-02
9.0
None Remote Low Not required Partial Partial Complete
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow.
24 CVE-2018-18728 78 Exec Code 2018-10-29 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request.
25 CVE-2018-18727 119 Overflow 2018-10-29 2018-12-14
7.8
None Remote Low Not required None None Complete
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.
26 CVE-2018-18709 119 Overflow 2018-10-29 2018-12-14
7.8
None Remote Low Not required None None Complete
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.
27 CVE-2018-18708 119 Overflow 2018-10-29 2018-12-14
7.8
None Remote Low Not required None None Complete
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromAddressNat" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.
28 CVE-2018-18707 119 Overflow 2018-10-29 2018-12-14
7.8
None Remote Low Not required None None Complete
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.
29 CVE-2018-18706 119 Overflow 2018-10-29 2018-12-14
7.8
None Remote Low Not required None None Complete
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromDhcpListClient" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.
30 CVE-2018-18705 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php.
31 CVE-2018-18704 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter.
32 CVE-2018-18702 89 Sql 2018-10-29 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
33 CVE-2018-18654 732 2018-10-25 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to include a Trojan horse xr.
34 CVE-2018-18653 347 Exec Code Bypass 2018-10-25 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification.
35 CVE-2018-18638 78 Exec Code 2018-10-24 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint.
36 CVE-2018-18546 89 Sql 2018-10-20 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable.
37 CVE-2018-18530 89 Sql 2018-10-19 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.
38 CVE-2018-18529 89 Sql 2018-10-19 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI.
39 CVE-2018-18527 89 Sql 2018-10-19 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.
40 CVE-2018-18488 89 Sql 2018-10-18 2018-11-30
7.5
None Remote Low Not required Partial Partial Partial
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter.
41 CVE-2018-18486 89 Sql 2018-10-18 2018-12-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter.
42 CVE-2018-18476 89 Sql 2018-10-24 2018-12-13
7.5
None Remote Low Not required Partial Partial Partial
mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns.
43 CVE-2018-18475 434 2018-10-23 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
44 CVE-2018-18461 94 Exec Code 2018-10-18 2018-11-30
7.5
None Remote Low Not required Partial Partial Partial
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.
45 CVE-2018-18450 89 Sql 2018-10-17 2018-12-18
7.5
None Remote Low Not required Partial Partial Partial
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.
46 CVE-2018-18445 125 2018-10-17 2019-04-08
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.
47 CVE-2018-18427 89 Sql 2018-10-17 2018-12-03
7.5
None Remote Low Not required Partial Partial Partial
s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php.
48 CVE-2018-18426 94 Exec Code 2018-10-17 2018-12-03
9.0
None Remote Low Single system Complete Complete Complete
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.
49 CVE-2018-18408 416 DoS 2018-10-17 2019-03-29
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.
50 CVE-2018-18396 77 Exec Code 2018-10-19 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
Total number of vulnerabilities: 402 (page 1 of 9)