CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2018-16346 79 XSS 2018-09-02 2018-11-09
3.5
None Remote Medium Single system None Partial None
ChemCMS 1.0.6 has XSS via the "setting -> website information" field.
502 CVE-2018-16345 352 CSRF 2018-09-02 2018-11-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.
503 CVE-2018-16344 22 Dir. Trav. 2018-09-02 2018-11-13
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock.
504 CVE-2018-16343 94 Exec Code 2018-09-02 2018-11-13
6.5
None Remote Low Single system Partial Partial Partial
SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS.
505 CVE-2018-16342 79 XSS 2018-09-02 2018-10-24
3.5
None Remote Medium Single system None Partial None
ShowDoc v1.8.0 has XSS via a new page.
506 CVE-2018-16339 352 CSRF 2018-09-02 2018-10-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.
507 CVE-2018-16338 352 CSRF 2018-09-02 2018-10-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic.
508 CVE-2018-16337 352 CSRF 2018-09-02 2018-10-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.
509 CVE-2018-16336 125 DoS 2018-09-01 2019-10-02
4.3
None Remote Medium Not required None None Partial
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999.
510 CVE-2018-16335 119 DoS Overflow 2018-09-01 2018-12-01
6.8
None Remote Medium Not required Partial Partial Partial
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
511 CVE-2018-16334 78 2018-09-01 2018-10-25
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.
512 CVE-2018-16333 119 Overflow 2018-09-01 2018-10-25
7.8
None Remote Low Not required None None Complete
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.
513 CVE-2018-16332 352 CSRF 2018-09-01 2018-10-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability.
514 CVE-2018-16331 352 CSRF 2018-09-01 2018-10-23
6.8
None Remote Medium Not required Partial Partial Partial
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password.
515 CVE-2018-16330 79 XSS 2018-09-01 2018-10-25
4.3
None Remote Medium Not required None Partial None
Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element.
516 CVE-2018-16329 476 2018-09-01 2018-10-25
7.5
None Remote Low Not required Partial Partial Partial
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
517 CVE-2018-16328 476 2018-09-01 2018-10-25
7.5
None Remote Low Not required Partial Partial Partial
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
518 CVE-2018-16327 79 XSS 2018-09-01 2018-11-09
3.5
None Remote Medium Single system None Partial None
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration.
519 CVE-2018-16325 79 XSS 2018-09-01 2018-11-02
4.3
None Remote Medium Not required None Partial None
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field.
520 CVE-2018-16324 79 XSS 2018-09-01 2018-11-06
4.3
None Remote Medium Not required None Partial None
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
521 CVE-2018-16323 200 +Info 2018-09-01 2019-06-25
4.3
None Remote Medium Not required Partial None None
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
522 CVE-2018-16320 22 Exec Code Dir. Trav. 2018-09-01 2018-11-02
6.5
None Remote Low Single system Partial Partial Partial
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file.
523 CVE-2018-16316 79 XSS 2018-09-01 2018-11-09
3.5
None Remote Medium Single system None Partial None
A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field.
524 CVE-2018-16315 352 CSRF 2018-09-01 2018-10-25
4.3
None Remote Medium Not required None Partial None
In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add.
525 CVE-2018-16314 352 Bypass CSRF 2018-09-01 2018-11-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.
526 CVE-2018-16313 79 XSS 2018-09-01 2018-11-02
4.3
None Remote Medium Not required None Partial None
Bludit 2.3.4 allows XSS via a user name.
527 CVE-2018-16310 400 DoS 2018-09-06 2019-10-02
6.1
None Local Network Low Not required None None Complete
** DISPUTED ** Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions.
528 CVE-2018-16308 74 2018-09-01 2018-11-06
6.8
None Remote Medium Not required Partial Partial Partial
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
529 CVE-2018-16307 200 +Info 2018-09-05 2018-11-14
5.0
None Remote Low Not required Partial None None
An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.
530 CVE-2018-16303 611 DoS 2018-09-01 2018-10-31
5.0
None Remote Low Not required None None Partial
PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564.
531 CVE-2018-16302 119 Overflow 2018-09-01 2018-11-01
9.3
None Remote Medium Not required Complete Complete Complete
MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file.
532 CVE-2018-16299 22 Dir. Trav. 2018-09-24 2018-11-23
5.0
None Remote Low Not required Partial None None
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
533 CVE-2018-16288 200 +Info 2018-09-14 2018-11-07
7.8
None Remote Low Not required Complete None None
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
534 CVE-2018-16287 434 2018-09-14 2018-11-07
7.5
None Remote Low Not required Partial Partial Partial
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
535 CVE-2018-16286 287 Bypass 2018-09-14 2018-11-07
5.0
None Remote Low Not required Partial None None
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.
536 CVE-2018-16285 79 XSS 2018-09-06 2018-11-02
4.3
None Remote Medium Not required None Partial None
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php.
537 CVE-2018-16283 22 Dir. Trav. 2018-09-24 2018-11-14
7.5
None Remote Low Not required Partial Partial Partial
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.
538 CVE-2018-16282 78 Exec Code 2018-09-20 2018-11-05
9.0
None Remote Low Single system Complete Complete Complete
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
539 CVE-2018-16281 284 2018-09-21 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control.
540 CVE-2018-16277 79 XSS 2018-09-27 2018-11-15
3.5
None Remote Medium Single system None Partial None
The Image Import function in XWiki through 10.7 has XSS.
541 CVE-2018-16261 295 2018-09-06 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.
542 CVE-2018-16252 611 2018-09-05 2018-12-04
2.1
None Local Low Not required Partial None None
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.
543 CVE-2018-16242 294 Bypass 2018-09-14 2019-10-02
2.9
None Local Network Medium Not required None Partial None
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.
544 CVE-2018-16225 287 Bypass 2018-09-18 2018-12-07
6.1
None Local Network Low Not required None None Complete
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.
545 CVE-2018-16152 347 2018-09-26 2018-12-19
5.0
None Remote Low Not required None Partial None
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.
546 CVE-2018-16151 347 2018-09-26 2018-12-19
5.0
None Remote Low Not required None Partial None
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.
547 CVE-2018-16148 79 XSS 2018-09-05 2018-11-13
4.3
None Remote Medium Not required None Partial None
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.
548 CVE-2018-16147 79 XSS 2018-09-05 2018-11-13
4.3
None Remote Medium Not required None Partial None
The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.
549 CVE-2018-16146 78 2018-09-05 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account.
550 CVE-2018-16145 732 2018-09-05 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance.
Total number of vulnerabilities : 1171   Page : 1 2 3 4 5 6 7 8 9 10 11 (This Page)12 13 14 15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.