libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.
Max CVSS
9.8
EPSS Score
0.57%
Published
2018-01-24
Updated
2022-06-13

CVE-2018-1000006

Public exploit
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.
Max CVSS
9.3
EPSS Score
97.03%
Published
2018-01-24
Updated
2018-04-01
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.
Max CVSS
9.1
EPSS Score
0.65%
Published
2018-01-24
Updated
2019-06-18
In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c.
Max CVSS
10.0
EPSS Score
0.19%
Published
2018-01-31
Updated
2018-02-13
In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges.
Max CVSS
9.3
EPSS Score
0.06%
Published
2018-01-31
Updated
2018-02-13
SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.
Max CVSS
9.8
EPSS Score
0.28%
Published
2018-01-30
Updated
2018-02-14
SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.
Max CVSS
9.8
EPSS Score
0.28%
Published
2018-01-30
Updated
2018-02-14
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page.
Max CVSS
9.0
EPSS Score
0.51%
Published
2018-01-29
Updated
2018-02-15
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account.
Max CVSS
10.0
EPSS Score
0.25%
Published
2018-01-29
Updated
2018-02-15
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
Max CVSS
9.8
EPSS Score
17.09%
Published
2018-01-30
Updated
2018-02-13
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.
Max CVSS
9.8
EPSS Score
0.24%
Published
2018-01-29
Updated
2018-02-14
SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.
Max CVSS
9.8
EPSS Score
0.24%
Published
2018-01-29
Updated
2018-02-14
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.
Max CVSS
9.8
EPSS Score
0.24%
Published
2018-01-29
Updated
2018-02-14
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.
Max CVSS
9.8
EPSS Score
0.24%
Published
2018-01-29
Updated
2020-03-11
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php.
Max CVSS
9.8
EPSS Score
0.22%
Published
2018-01-25
Updated
2018-02-12
Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic.
Max CVSS
9.1
EPSS Score
0.17%
Published
2018-01-24
Updated
2019-10-03
Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic.
Max CVSS
9.1
EPSS Score
0.17%
Published
2018-01-24
Updated
2019-10-03

CVE-2018-6000

Public exploit
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.
Max CVSS
10.0
EPSS Score
9.00%
Published
2018-01-22
Updated
2019-10-03

CVE-2018-5999

Public exploit
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
Max CVSS
10.0
EPSS Score
32.02%
Published
2018-01-22
Updated
2019-10-03
An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root.
Max CVSS
10.0
EPSS Score
6.37%
Published
2018-01-25
Updated
2018-02-12
SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.
Max CVSS
9.8
EPSS Score
0.28%
Published
2018-01-24
Updated
2018-02-07
SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php.
Max CVSS
9.8
EPSS Score
0.28%
Published
2018-01-24
Updated
2020-02-19
SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request.
Max CVSS
9.8
EPSS Score
0.28%
Published
2018-01-24
Updated
2018-02-07
SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI.
Max CVSS
9.8
EPSS Score
0.28%
Published
2018-01-24
Updated
2018-02-07
SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field.
Max CVSS
9.8
EPSS Score
0.28%
Published
2018-01-24
Updated
2018-02-07
242 vulnerabilities found
1 2 3 4 5 6 7 8 9 10
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!