CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2018-12526 798 2018-06-21 2018-08-14
10.0
None Remote Low Not required Complete Complete Complete
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
502 CVE-2018-12483 78 Exec Code 2018-08-03 2018-10-02
9.0
None Remote Low Single system Complete Complete Complete
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability.
503 CVE-2018-12465 78 Exec Code 2018-06-29 2018-08-21
9.0
None Remote Low Single system Complete Complete Complete
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).
504 CVE-2018-12455 287 2018-10-10 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.
505 CVE-2018-12368 254 Exec Code 2018-10-18 2018-12-06
9.3
None Remote Medium Not required Complete Complete Complete
Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
506 CVE-2018-12338 264 2018-06-17 2018-08-14
10.0
None Remote Low Not required Complete Complete Complete
Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access.
507 CVE-2018-12336 200 +Info 2018-06-17 2018-08-10
10.0
None Remote Low Not required Complete Complete Complete
Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access.
508 CVE-2018-12317 78 Exec Code 2018-12-04 2019-01-24
9.0
None Remote Low Single system Complete Complete Complete
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter.
509 CVE-2018-12316 78 Exec Code 2018-12-04 2018-12-21
9.0
None Remote Low Single system Complete Complete Complete
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.
510 CVE-2018-12313 20 Exec Code 2018-12-04 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
511 CVE-2018-12312 78 Exec Code 2018-12-04 2018-12-20
9.0
None Remote Low Single system Complete Complete Complete
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.
512 CVE-2018-12307 78 Exec Code 2018-12-04 2018-12-20
9.0
None Remote Low Single system Complete Complete Complete
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.
513 CVE-2018-12072 284 2018-06-17 2018-08-23
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it.
514 CVE-2018-12049 287 Bypass 2018-06-07 2018-08-01
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation.
515 CVE-2018-12048 287 Bypass 2018-06-07 2018-08-03
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation.
516 CVE-2018-11905 119 Overflow 2018-12-07 2019-01-02
10.0
None Remote Low Not required Complete Complete Complete
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in WLAN function due to lack of input validation in values received from firmware.
517 CVE-2018-11808 20 2018-06-05 2018-08-06
10.0
None Remote Low Not required Complete Complete Complete
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server.
518 CVE-2018-11786 284 2018-09-18 2018-12-06
9.0
None Remote Low Single system Complete Complete Complete
In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user.
519 CVE-2018-11776 20 Exec Code 2018-08-22 2019-01-16
9.3
None Remote Medium Not required Complete Complete Complete
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
520 CVE-2018-11769 264 Exec Code +Priv Bypass 2018-08-08 2019-05-13
9.0
None Remote Low Single system Complete Complete Complete
CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007.
521 CVE-2018-11766 264 2018-11-27 2018-12-18
9.0
None Remote Low Single system Complete Complete Complete
In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.
522 CVE-2018-11714 384 2018-06-04 2018-07-31
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action.
523 CVE-2018-11711 287 Bypass 2018-06-04 2018-08-01
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation.
524 CVE-2018-11692 287 Bypass 2018-06-04 2018-07-20
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation.
525 CVE-2018-11691 798 2019-05-14 2019-05-16
10.0
None Remote Low Not required Complete Complete Complete
Emerson VE6046 09.0.12 devices have hardcoded admin credentials allowing remote connection to the Emerson Smart Switch administrative interface via HTTP or SNMPv3.
526 CVE-2018-11682 798 2018-06-02 2018-07-20
10.0
None Remote Low Not required Complete Complete Complete
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y.
527 CVE-2018-11681 798 2018-06-02 2018-07-20
10.0
None Remote Low Not required Complete Complete Complete
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y.
528 CVE-2018-11652 78 2018-06-01 2018-07-03
10.0
None Remote Low Not required Complete Complete Complete
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
529 CVE-2018-11638 434 Exec Code 2018-07-03 2018-09-05
9.0
None Remote Low Single system Complete Complete Complete
Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution.
530 CVE-2018-11629 798 2018-06-02 2018-07-20
10.0
None Remote Low Not required Complete Complete Complete
Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y.
531 CVE-2018-11551 426 Exec Code 2018-06-01 2018-07-03
9.3
None Remote Medium Not required Complete Complete Complete
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.
532 CVE-2018-11541 264 2018-07-09 2018-09-08
10.0
None Remote Low Not required Complete Complete Complete
A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140.
533 CVE-2018-11491 287 Exec Code 2018-07-25 2018-09-20
10.0
None Remote Low Not required Complete Complete Complete
ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.
534 CVE-2018-11458 264 Exec Code 2018-12-12 2019-01-10
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 5900/tcp. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known.
535 CVE-2018-11457 264 Exec Code 2018-12-12 2019-01-10
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known.
536 CVE-2018-11340 434 Exec Code 2018-05-21 2018-08-16
9.0
None Remote Low Single system Complete Complete Complete
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.
537 CVE-2018-11316 20 2018-07-03 2018-09-11
9.3
None Remote Medium Not required Complete Complete Complete
The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.
538 CVE-2018-11314 20 2018-07-03 2018-09-11
9.3
None Remote Medium Not required Complete Complete Complete
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.
539 CVE-2018-11287 20 2018-09-20 2018-11-23
10.0
None Remote Low Not required Complete Complete Complete
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, incorrect control flow implementation in Video while checking buffer sufficiency.
540 CVE-2018-11285 125 2018-09-20 2018-11-23
9.3
None Remote Medium Not required Complete Complete Complete
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, while parsing FLAC file with corrupted picture block, a buffer over-read can occur.
541 CVE-2018-11241 284 Exec Code 2018-09-21 2018-12-20
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of Spring 2018.
542 CVE-2018-11240 275 Exec Code 2018-09-21 2018-12-20
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of Spring 2018.
543 CVE-2018-11228 94 Exec Code 2018-06-07 2019-05-02
10.0
None Remote Low Not required Complete Complete Complete
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).
544 CVE-2018-11220 77 Exec Code 2018-05-31 2018-07-06
9.0
None Remote Low Single system Complete Complete Complete
Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.
545 CVE-2018-11194 264 2018-06-01 2018-06-08
9.0
None Remote Low Single system Complete Complete Complete
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).
546 CVE-2018-11193 264 2018-06-01 2018-06-08
9.0
None Remote Low Single system Complete Complete Complete
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).
547 CVE-2018-11192 264 2018-06-01 2018-06-08
9.0
None Remote Low Single system Complete Complete Complete
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6).
548 CVE-2018-11191 264 2018-06-01 2018-06-08
9.0
None Remote Low Single system Complete Complete Complete
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6).
549 CVE-2018-11190 264 2018-06-01 2018-06-08
9.0
None Remote Low Single system Complete Complete Complete
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6).
550 CVE-2018-11189 264 2018-06-01 2018-06-08
9.0
None Remote Low Single system Complete Complete Complete
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6).
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.