CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
601 | CVE-2018-11091 | 434 | | Exec Code | 2018-05-14 | 2018-06-20 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the "HiddenFieldControlCustomWhiteListedExtensions" parameter and add arbitrary extensions to the whitelist during the upload. For instance, if the extension .asp is added to the "HiddenFieldControlCustomWhiteListedExtensions" parameter, the server accepts "secctest.asp" as a legitimate file. Hence malicious files can be uploaded in order to execute arbitrary commands to take over the server.
602 | CVE-2018-11066 | 77 | | Exec Code | 2018-11-26 | 2019-01-02 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
603 | CVE-2018-11061 | 264 | | Exec Code | 2018-08-24 | 2018-10-19 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.
604 | CVE-2018-11031 | 918 | | | 2018-05-13 | 2018-06-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.
605 | CVE-2018-11013 | 119 | | Exec Code Overflow | 2018-05-13 | 2018-06-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.
606 | CVE-2018-10997 | 89 | | Sql | 2018-06-17 | 2018-08-14 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword.
607 | CVE-2018-10996 | 119 | | DoS Exec Code Overflow | 2018-05-12 | 2018-06-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable.
608 | CVE-2018-10967 | 77 | | Exec Code | 2018-05-18 | 2018-06-27 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution.
609 | CVE-2018-10897 | 22 | | Dir. Trav. | 2018-08-01 | 2018-11-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
610 | CVE-2018-10843 | 264 | | | 2018-07-02 | 2018-09-04 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.
611 | CVE-2018-10823 | 77 | | Exec Code | 2018-10-17 | 2019-01-23 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.
612 | CVE-2018-10750 | 119 | | Exec Code Overflow Mem. Corr. | 2018-05-04 | 2018-06-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
613 | CVE-2018-10749 | 119 | | Exec Code Overflow Mem. Corr. | 2018-05-04 | 2018-06-12 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
614 | CVE-2018-10748 | 119 | | Exec Code Overflow Mem. Corr. | 2018-05-04 | 2018-06-12 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
615 | CVE-2018-10747 | 119 | | Exec Code Overflow Mem. Corr. | 2018-05-04 | 2018-06-12 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
616 | CVE-2018-10746 | 119 | | Exec Code Overflow Mem. Corr. | 2018-05-04 | 2018-06-12 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
617 | CVE-2018-10731 | 119 | | Overflow | 2018-05-17 | 2018-06-20 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).
618 | CVE-2018-10730 | 78 | | | 2018-05-17 | 2018-06-19 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.
619 | CVE-2018-10718 | 119 | | Exec Code Overflow | 2018-05-03 | 2018-07-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.
620 | CVE-2018-10682 | 287 | | Exec Code | 2018-05-09 | 2018-06-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default (auto-deployment) permits an anonymous user to deploy a malicious .war file, leading to remote code execution. NOTE: the vendor indicates that anonymous access is not available in the default installation; however, it remains optional because there are several use cases for it, including development environments and network architectures that have a proxy server for access control to the WildFly server.
621 | CVE-2018-10662 | 284 | | | 2018-06-26 | 2018-08-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
622 | CVE-2018-10661 | 284 | | Bypass | 2018-06-26 | 2018-08-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
623 | CVE-2018-10660 | 77 | | | 2018-06-26 | 2018-08-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
624 | CVE-2018-10636 | 119 | | Exec Code Overflow +Priv | 2018-08-13 | 2018-10-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack, which may allow an attacker to gain remote code execution with administrator privileges if exploited.
625 | CVE-2018-10635 | 306 | | Exec Code | 2018-07-11 | 2018-09-07 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained.
626 | CVE-2018-10630 | 287 | | | 2018-08-10 | 2018-10-04 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
For Crestron TSW-X60 versions prior to 2.001.0037.001 and MC3 versions prior to 1.502.0047.001, the devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.
627 | CVE-2018-10616 | 20 | | | 2018-07-18 | 2018-09-14 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used.
628 | CVE-2018-10606 | 119 | | Overflow | 2018-09-26 | 2018-11-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.
629 | CVE-2018-10605 | 264 | | | 2018-10-01 | 2018-11-27 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU.
630 | CVE-2018-10602 | 119 | | Overflow | 2018-09-26 | 2018-11-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.
631 | CVE-2018-10592 | 798 | | Exec Code | 2018-07-31 | 2018-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.
632 | CVE-2018-10587 | 78 | | Exec Code | 2018-11-01 | 2018-12-12 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution.
633 | CVE-2018-10577 | 434 | | Exec Code | 2018-05-02 | 2018-09-16 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.
634 | CVE-2018-10381 | 264 | | Exec Code | 2018-04-25 | 2018-06-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.
635 | CVE-2018-10369 | 284 | | XSS | 2018-08-15 | 2018-10-12 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login.
636 | CVE-2018-10357 | 22 | | Exec Code Dir. Trav. | 2018-05-23 | 2018-06-26 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability.
637 | CVE-2018-10356 | 89 | | Exec Code Sql | 2018-05-23 | 2018-06-22 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability.
638 | CVE-2018-10354 | 77 | | Exec Code | 2018-05-23 | 2018-06-22 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability.
639 | CVE-2018-10351 | 89 | | Sql | 2018-05-23 | 2018-06-22 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability.
640 | CVE-2018-10350 | 89 | | Exec Code Sql | 2018-05-25 | 2018-06-25 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs_bwlists_handler.php. Authentication is required in order to exploit this vulnerability.
641 | CVE-2018-10251 | 264 | | Exec Code +Priv | 2018-05-04 | 2018-06-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.
642 | CVE-2018-10204 | 264 | | Exec Code | 2018-04-18 | 2018-05-22 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at %PROGRAMDATA%\purevpn\config\config.ovpn. This file allows "Write" permissions to users in the "Everyone" group. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM account.
643 | CVE-2018-10192 | 264 | | Exec Code | 2018-04-17 | 2018-05-24 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.osx.vpnhelper` LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a third-party library for converting `xpc_object_t` types into `NSObject` types for sending XPC messages. When IPVanish establishes a new connection, the following XPC message is sent to the `com.ipvanish.osx.vpnhelper` LaunchDaemon. Because the XPC service itself does not validate an incoming connection, any application installed on the operating system can send it XPC messages. In the case of the "connect" message, an attacker could manipulate the `OpenVPNPath` to point at a malicious binary on the system. The `com.ipvanish.osx.vpnhelper` would receive the VPNHelperConnect command, and then execute the malicious binary as the root user.
644 | CVE-2018-10173 | 434 | | Exec Code | 2018-04-20 | 2018-05-22 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality.
645 | CVE-2018-10170 | 264 | | Exec Code | 2018-04-16 | 2018-05-22 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a class instance argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.
646 | CVE-2018-10169 | 264 | | Exec Code | 2018-04-16 | 2018-05-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a class instance argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the SYSTEM user.
647 | CVE-2018-10143 | 284 | | | 2018-12-11 | 2018-12-31 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.
648 | CVE-2018-10123 | 284 | | | 2018-05-16 | 2018-06-19 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100.
649 | CVE-2018-10088 | 119 | | Overflow | 2018-06-08 | 2018-07-31 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
650 | CVE-2018-9577 | 787 | | Exec Code +Priv | 2018-12-07 | 2019-01-02 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.