CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2018 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-19692 434 Exec Code 2018-11-29 2018-12-27
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type.
2 CVE-2018-19666 22 Dir. Trav. 2018-11-29 2019-01-04
7.2
None Local Low Not required Complete Complete Complete
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.
3 CVE-2018-19595 94 Exec Code 2018-11-27 2019-04-17
7.5
None Remote Low Not required Partial Partial Partial
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism.
4 CVE-2018-19560 352 CSRF 2018-11-26 2018-12-31
9.3
None Remote Medium Not required Complete Complete Complete
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.
5 CVE-2018-19559 89 Sql 2018-11-26 2018-12-18
7.5
None Remote Low Not required Partial Partial Partial
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter.
6 CVE-2018-19558 89 Sql 2018-11-26 2018-12-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php.
7 CVE-2018-19557 89 Sql 2018-11-26 2018-12-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images.
8 CVE-2018-19537 434 Exec Code 2018-11-25 2018-12-28
9.0
None Remote Low Single system Complete Complete Complete
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases.
9 CVE-2018-19531 20 Exec Code 2018-11-25 2018-12-19
7.5
None Remote Low Not required Partial Partial Partial
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting.
10 CVE-2018-19530 20 Exec Code 2018-11-25 2018-12-19
7.5
None Remote Low Not required Partial Partial Partial
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting.
11 CVE-2018-19528 119 DoS Overflow 2018-11-25 2018-12-19
10.0
None Remote Low Not required Complete Complete Complete
TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp.
12 CVE-2018-19486 426 Exec Code 2018-11-23 2019-04-10
7.5
None Remote Low Not required Partial Partial Partial
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
13 CVE-2018-19468 89 Sql 2018-11-23 2018-12-19
7.5
None Remote Low Not required Partial Partial Partial
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.
14 CVE-2018-19463 94 Exec Code 2018-11-22 2018-12-21
7.5
None Remote Low Not required Partial Partial Partial
zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI.
15 CVE-2018-19410 File Inclusion 2018-11-21 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).
16 CVE-2018-19409 2018-11-21 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
17 CVE-2018-19355 434 Exec Code 2018-11-18 2018-12-20
7.5
None Remote Low Not required Partial Partial Partial
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles).
18 CVE-2018-19333 416 2018-11-17 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.
19 CVE-2018-19328 22 Dir. Trav. 2018-11-17 2018-12-18
7.5
None Remote Low Not required Partial Partial Partial
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
20 CVE-2018-19290 78 DoS 2018-11-30 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact, as demonstrated by the "!calc 5 x 5" command. In versions before 3.0, modules/HELPBOT_MODULE/calc.php has the vulnerable code; in 3.0 and above, modules/HELPBOT_MODULE/HelpbotController.class.php has the vulnerable code.
21 CVE-2018-19281 89 Sql 2018-11-14 2019-07-30
7.5
None Remote Low Not required Partial Partial Partial
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.
22 CVE-2018-19222 79 XSS 2018-11-12 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.
23 CVE-2018-19221 89 Sql 2018-11-12 2018-12-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.
24 CVE-2018-19220 94 Exec Code 2018-11-12 2018-12-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI.
25 CVE-2018-19207 425 Exec Code 2018-11-12 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.
26 CVE-2018-19204 20 Exec Code 2018-11-12 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can create an executable file in the \Custom Sensors\EXE directory and execute it by creating EXE/Script Sensor.
27 CVE-2018-19199 190 Overflow 2018-11-12 2019-08-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
28 CVE-2018-19198 787 2018-11-12 2019-08-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
29 CVE-2018-19196 94 Exec Code Bypass 2018-11-12 2018-12-13
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonstrated by an admin/index.php?c=uploadfile&a=uploadify_upload&type=php URI.
30 CVE-2018-19185 119 Overflow 2018-11-12 2018-12-14
7.5
None Remote Low Not required Partial Partial Partial
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector.
31 CVE-2018-19180 94 Exec Code 2018-11-11 2018-12-12
7.5
None Remote Low Not required Partial Partial Partial
statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php.
32 CVE-2018-19168 78 Exec Code 2018-11-10 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session.
33 CVE-2018-19126 434 Exec Code 2018-11-09 2018-12-12
7.5
None Remote Low Not required Partial Partial Partial
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.
34 CVE-2018-19115 119 Overflow 2018-11-08 2019-05-28
7.5
None Remote Low Not required Partial Partial Partial
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
35 CVE-2018-19087 119 DoS Exec Code Overflow 2018-11-09 2018-12-12
7.2
None Local Low Not required Complete Complete Complete
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E044 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.
36 CVE-2018-19086 119 DoS Exec Code Overflow 2018-11-09 2018-12-12
7.2
None Local Low Not required Complete Complete Complete
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E040 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.
37 CVE-2018-19085 119 DoS Exec Code Overflow 2018-11-09 2018-12-10
7.2
None Local Low Not required Complete Complete Complete
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E048 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.
38 CVE-2018-19084 119 DoS Exec Code Overflow 2018-11-09 2018-12-12
7.2
None Local Low Not required Complete Complete Complete
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E05C with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.
39 CVE-2018-19082 119 Overflow 2018-11-07 2018-12-13
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field.
40 CVE-2018-19081 78 Exec Code 2018-11-07 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field.
41 CVE-2018-19079 20 2018-11-07 2018-12-13
7.8
None Remote Low Not required None None Complete
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot.
42 CVE-2018-19077 125 DoS 2018-11-07 2018-12-13
7.8
None Remote Low Not required None None Complete
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. RtspServer allows remote attackers to cause a denial of service (daemon hang or restart) via a negative integer in the RTSP Content-Length header.
43 CVE-2018-19073 78 Exec Code 2018-11-07 2018-12-11
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access.
44 CVE-2018-19070 78 Exec Code 2018-11-07 2018-12-11
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action.
45 CVE-2018-19069 798 2018-11-07 2018-12-11
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of toor.
46 CVE-2018-19067 798 2018-11-07 2018-12-11
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded [email protected] password for the factory~ account.
47 CVE-2018-19064 521 2018-11-07 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed.
48 CVE-2018-19063 798 2018-11-07 2018-12-11
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password.
49 CVE-2018-19061 89 Sql 2018-11-07 2018-12-10
7.5
None Remote Low Not required Partial Partial Partial
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.
50 CVE-2018-18963 89 Sql 2018-11-06 2018-12-13
7.5
None Remote Low Not required Partial Partial Partial
Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI.
Total number of vulnerabilities : 255   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.