CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2018-14768 77 Exec Code 2018-08-29 2018-11-13
9.0
None Remote Low Single system Complete Complete Complete
Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code.
452 CVE-2018-14746 77 2018-11-28 2018-12-27
10.0
None Remote Low Not required Complete Complete Complete
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS.
453 CVE-2018-14729 20 Exec Code 2019-05-22 2019-05-23
9.0
None Remote Low Single system Complete Complete Complete
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.
454 CVE-2018-14722 264 Exec Code 2018-08-15 2018-10-23
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, though).
455 CVE-2018-14714 77 Exec Code 2019-05-13 2019-05-14
10.0
None Remote Low Not required Complete Complete Complete
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.
456 CVE-2018-14706 77 Exec Code 2018-12-03 2018-12-20
10.0
None Remote Low Not required Complete Complete Complete
System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request.
457 CVE-2018-14643 287 Exec Code Bypass 2018-09-21 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.
458 CVE-2018-14618 190 Overflow 2018-09-05 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
459 CVE-2018-14417 78 Exec Code 2018-08-03 2018-10-02
10.0
None Remote Low Not required Complete Complete Complete
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.
460 CVE-2018-14327 264 +Priv 2018-09-26 2019-01-09
9.3
None Remote Medium Not required Complete Complete Complete
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.
461 CVE-2018-14324 798 +Info 2018-07-16 2019-05-20
10.0
None Remote Low Not required Complete Complete Complete
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a "jmx_rmi remote monitoring and control problem." NOTE: this is not an Oracle supported product.
462 CVE-2018-14078 255 2018-08-20 2018-10-23
10.0
None Remote Low Not required Complete Complete Complete
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username with password "admin" after a successful attack).
463 CVE-2018-14060 78 Exec Code 2018-07-14 2018-09-12
10.0
None Remote Low Not required Complete Complete Complete
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
464 CVE-2018-14010 78 Exec Code 2018-07-14 2018-09-12
10.0
None Remote Low Not required Complete Complete Complete
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
465 CVE-2018-14009 20 Exec Code 2018-07-12 2018-09-06
10.0
None Remote Low Not required Complete Complete Complete
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
466 CVE-2018-14007 22 Dir. Trav. 2018-08-15 2018-10-23
10.0
None Remote Low Not required Complete Complete Complete
Citrix XenServer 7.1 and newer allows Directory Traversal.
467 CVE-2018-13861 284 2018-07-17 2018-09-17
10.0
None Remote Low Not required Complete Complete Complete
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
468 CVE-2018-13858 284 2018-07-17 2018-09-17
10.0
None Remote Low Not required Complete Complete Complete
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
469 CVE-2018-13806 427 Exec Code 2018-09-12 2018-11-20
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permission of the user running TD Designer. The attacker must have write access to the directory containing the TD project file in order to exploit the vulnerability. A legitimate user with higher privileges than the attacker must open the TD project in order for this vulnerability to be exploited. At the time of advisory publication no public exploitation of this security vulnerability was known.
470 CVE-2018-13802 77 Exec Code 2018-10-10 2019-01-11
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the SSH interface in on port 22/tcp. The attacker must be authenticated to exploit the vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device.
471 CVE-2018-13801 264 +Priv 2018-10-10 2019-01-11
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.
472 CVE-2018-13418 77 Exec Code 2018-11-27 2018-12-21
9.0
None Remote Low Single system Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.
473 CVE-2018-13411 264 2018-09-12 2018-11-16
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges.
474 CVE-2018-13397 77 Exec Code 2018-11-05 2019-01-08
9.0
None Remote Low Single system Complete Complete Complete
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.
475 CVE-2018-13396 77 Exec Code 2018-11-05 2019-01-08
9.0
None Remote Low Single system Complete Complete Complete
There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
476 CVE-2018-13358 77 Exec Code 2018-11-27 2018-12-21
9.0
None Remote Low Single system Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.
477 CVE-2018-13356 264 2018-11-27 2018-12-19
9.0
None Remote Low Single system Complete Complete Complete
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.
478 CVE-2018-13354 77 Exec Code 2018-11-27 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.
479 CVE-2018-13353 77 Exec Code 2018-11-27 2018-12-21
9.0
None Remote Low Single system Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.
480 CVE-2018-13338 77 Exec Code 2018-11-27 2018-12-19
10.0
None Remote Low Not required Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.
481 CVE-2018-13336 77 Exec Code 2018-11-27 2018-12-19
10.0
None Remote Low Not required Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.
482 CVE-2018-13330 77 Exec Code 2018-11-27 2018-12-21
9.0
None Remote Low Single system Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.
483 CVE-2018-13316 77 Exec Code 2018-11-27 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.
484 CVE-2018-13314 77 Exec Code 2018-11-27 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.
485 CVE-2018-13311 77 Exec Code 2018-11-26 2018-12-19
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter.
486 CVE-2018-13307 77 Exec Code 2018-11-27 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable.
487 CVE-2018-13306 77 Exec Code 2018-11-27 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter.
488 CVE-2018-13285 78 Exec Code 2019-04-01 2019-04-03
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
489 CVE-2018-13284 78 Exec Code 2019-04-01 2019-04-03
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
490 CVE-2018-13140 284 Exec Code 2018-09-24 2018-12-20
9.3
None Remote Medium Not required Complete Complete Complete
Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.
491 CVE-2018-13101 264 2018-07-03 2018-09-04
10.0
None Remote Low Not required Complete Complete Complete
KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries.
492 CVE-2018-13023 77 Exec Code 2018-11-27 2018-12-21
9.0
None Remote Low Single system Complete Complete Complete
System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter.
493 CVE-2018-13021 434 Exec Code 2018-06-29 2018-08-21
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI.
494 CVE-2018-12942 89 Sql 2018-07-31 2018-09-28
9.0
None Remote Low Single system Complete Complete Complete
SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this vulnerability to perform malicious tasks such as to extract, change, or delete sensitive information within the database supporting the application, and potentially run system commands on the underlying operating system.
495 CVE-2018-12941 20 Exec Code 2018-07-31 2018-10-09
9.0
None Remote Low Single system Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to the Settings functionality, to inject arbitrary system commands within the application by manipulating the "Cache directory" path. An attacker can use it to perform malicious tasks such as to extract, change, or delete sensitive information or run system commands on the underlying operating system.
496 CVE-2018-12925 284 2018-06-28 2018-08-24
10.0
None Remote Low Not required Complete Complete Complete
Baseon Lantronix MSS devices do not require a password for TELNET access.
497 CVE-2018-12924 798 2018-06-28 2018-08-24
10.0
None Remote Low Not required Complete Complete Complete
Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service.
498 CVE-2018-12877 416 Exec Code 2018-10-12 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
499 CVE-2018-12876 704 Exec Code 2018-10-12 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
500 CVE-2018-12868 787 Exec Code 2018-10-12 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.