CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2018(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2018-15368 20 Exec Code +Priv 2018-10-05 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux filesystem on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device.
452 CVE-2018-15367 476 Exec Code 2018-10-23 2018-12-04
7.2
None Local Low Not required Complete Complete Complete
A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
453 CVE-2018-15366 416 Exec Code 2018-10-23 2018-12-04
7.2
None Local Low Not required Complete Complete Complete
A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
454 CVE-2018-15364 200 Exec Code +Info 2018-08-30 2018-11-08
1.9
None Local Medium Not required Partial None None
A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.
455 CVE-2018-15363 125 Exec Code 2018-08-30 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.
456 CVE-2018-15356 77 Exec Code 2018-08-17 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0.
457 CVE-2018-15353 119 Exec Code Overflow 2018-08-17 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118.
458 CVE-2018-15156 78 Exec Code 2018-08-15 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php.
459 CVE-2018-15155 78 Exec Code 2018-08-15 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the "hylafax_enscript" global variable in interface/super/edit_globals.php.
460 CVE-2018-15154 78 Exec Code 2018-08-15 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the "print_command" global variable in interface/super/edit_globals.php.
461 CVE-2018-15153 78 Exec Code 2018-08-15 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php.
462 CVE-2018-15151 89 Exec Code Sql 2018-08-15 2018-10-12
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.
463 CVE-2018-15150 89 Exec Code Sql 2018-08-15 2018-10-12
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php.
464 CVE-2018-15149 89 Exec Code Sql 2018-08-15 2018-10-12
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter.
465 CVE-2018-15148 89 Exec Code Sql 2018-08-15 2018-10-12
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter.
466 CVE-2018-15147 89 Exec Code Sql 2018-08-15 2018-10-12
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'id' parameter.
467 CVE-2018-15146 89 Exec Code Sql 2018-08-15 2018-10-11
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.
468 CVE-2018-15145 89 Exec Code Sql 2018-08-13 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.
469 CVE-2018-15144 89 Exec Code Sql 2018-08-13 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter.
470 CVE-2018-15143 89 Exec Code Sql 2018-08-13 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter.
471 CVE-2018-15142 22 Exec Code Dir. Trav. 2018-08-13 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory.
472 CVE-2018-15139 434 Exec Code 2018-08-13 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
473 CVE-2018-15137 434 Exec Code 2018-08-07 2018-10-23
10.0
None Remote Low Not required Complete Complete Complete
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method.
474 CVE-2018-15133 502 Exec Code 2018-08-09 2019-07-15
6.8
None Remote Medium Not required Partial Partial Partial
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
475 CVE-2018-15127 787 Exec Code 2018-12-19 2019-01-16
7.5
None Remote Low Not required Partial Partial Partial
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
476 CVE-2018-15126 416 Exec Code 2018-12-19 2019-01-09
7.5
None Remote Low Not required Partial Partial Partial
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution
477 CVE-2018-15122 20 Exec Code 2018-08-16 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.
478 CVE-2018-15007 Exec Code 2018-12-28 2018-12-28
0.0
None ??? ??? ??? ??? ??? ???
The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper (versionCode=238, versionName=2.3.8) that contains an exported broadcast receiver app component named com.adups.fota.sysoper.WriteCommandReceiver that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. The com.fw.upgrade.sysoper app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more.
479 CVE-2018-15006 Exec Code 2018-12-28 2019-10-02
4.9
None Local Low Not required None None Complete
The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.android.zte.hiddenmenu (versionCode=23, versionName=6.0.1) that contains an exported broadcast receiver app component named com.android.zte.hiddenmenu.CommandReceiver that is accessible to any app co-located on the device. This app component, when it receives a broadcast intent with a certain action string, will write a non-standard (i.e., not defined in Android Open Source Project (AOSP) code) command to the /cache/recovery/command file to be executed in recovery mode. Once the device boots into recovery mode, it will crash, boot into recovery mode, and crash again. This crash loop will keep repeating, which makes the device unusable. There is no way to boot into an alternate mode once the crash loop starts.
480 CVE-2018-14998 78 Exec Code 2018-12-28 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB by modifying read-only system properties at runtime. Specifically, modifying the ro.debuggable and the ro.secure system properties to a certain value and then restarting the ADB daemon allows for a root shell to be obtained via ADB.
481 CVE-2018-14933 78 Exec Code 2018-08-04 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
482 CVE-2018-14923 20 Exec Code 2018-08-03 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback.
483 CVE-2018-14910 94 Exec Code CSRF 2018-08-03 2018-10-02
6.8
None Remote Medium Not required Partial Partial Partial
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF.
484 CVE-2018-14893 77 Exec Code 2018-11-27 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API.
485 CVE-2018-14889 20 Exec Code 2018-09-21 2018-11-08
4.6
None Local Low Not required Partial Partial Partial
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.
486 CVE-2018-14878 502 Exec Code 2018-08-13 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.
487 CVE-2018-14857 434 Exec Code +Priv 2018-08-06 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
488 CVE-2018-14856 119 Exec Code Overflow 2018-12-17 2019-01-08
5.8
None Local Network Low Not required Partial Partial Partial
Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi) chip to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785.
489 CVE-2018-14855 119 Exec Code Overflow 2018-12-17 2019-01-08
5.8
None Local Network Low Not required Partial Partial Partial
Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785.
490 CVE-2018-14854 119 Exec Code Overflow 2018-12-17 2019-01-08
5.8
None Local Network Low Not required Partial Partial Partial
Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785.
491 CVE-2018-14853 476 Exec Code 2018-12-17 2019-01-08
3.3
None Local Network Low Not required None None Partial
A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device to reboot. The Samsung ID is SVE-2018-11783.
492 CVE-2018-14852 119 Exec Code Overflow 2018-12-17 2019-01-08
5.8
None Local Network Low Not required Partial Partial Partial
Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware.
493 CVE-2018-14829 119 Exec Code Overflow 2018-09-20 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.
494 CVE-2018-14826 20 Exec Code Bypass 2018-10-02 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Entes EMG12 versions 2.57 and prior The application uses a web interface where it is possible for an attacker to bypass authentication with a specially crafted URL. This could allow for remote code execution.
495 CVE-2018-14823 119 Exec Code Overflow 2018-09-26 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
496 CVE-2018-14822 200 Exec Code +Info 2018-10-02 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code.
497 CVE-2018-14819 125 Exec Code 2018-09-26 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution.
498 CVE-2018-14818 119 Exec Code Overflow 2018-10-08 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution.
499 CVE-2018-14817 191 Exec Code 2018-09-26 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution.
500 CVE-2018-14816 119 Exec Code Overflow 2018-10-23 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.
Total number of vulnerabilities : 3041   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.