CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2018-18426 94 Exec Code 2018-10-17 2018-12-03
9.0
None Remote Low Single system Complete Complete Complete
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.
602 CVE-2018-18395 284 2018-10-19 2018-12-03
10.0
None Remote Low Not required Complete Complete Complete
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
603 CVE-2018-18387 264 2018-10-29 2018-12-06
9.0
None Remote Low Single system Complete Complete Complete
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.
604 CVE-2018-18068 264 Exec Code 2019-04-04 2019-04-10
10.0
None Remote Low Not required Complete Complete Complete
The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug target processor B running in any privilege level, the debugging feature allows A to halt B and promote B to any privilege level. As a debug host, A has full control of B even if B owns a higher privilege level than A. Accordingly, A can read/write any EL3 memory/register via B. Also, with this memory access, A can execute arbitrary code in EL3.
605 CVE-2018-17990 78 Exec Code 2019-04-01 2019-04-02
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter.
606 CVE-2018-17953 19 2018-11-27 2018-12-21
9.3
None Remote Medium Not required Complete Complete Complete
A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
607 CVE-2018-17930 119 Exec Code Overflow 2018-11-28 2018-12-20
10.0
None Remote Low Not required Complete Complete Complete
A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution.
608 CVE-2018-17916 119 Exec Code Overflow 2018-11-02 2018-12-20
10.0
None Remote Low Not required Complete Complete Complete
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine.
609 CVE-2018-17914 264 Exec Code 2018-11-02 2018-12-20
10.0
None Remote Low Not required Complete Complete Complete
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime.
610 CVE-2018-17910 119 Exec Code Overflow 2018-10-29 2018-12-06
9.3
None Remote Medium Not required Complete Complete Complete
WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution.
611 CVE-2018-17896 798 Exec Code +Info 2018-10-12 2018-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
612 CVE-2018-17867 77 Exec Code 2018-10-01 2019-01-03
9.0
None Remote Low Single system Complete Complete Complete
The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field).
613 CVE-2018-17793 254 Exec Code 2018-09-30 2019-01-08
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python $(bash >&2)" and "python $(rbash >&2)" commands. NOTE: the software maintainer disputes this because the Python interpreter in a virtualenv is supposed to be able to execute arbitrary code.
614 CVE-2018-17565 77 Exec Code 2019-04-01 2019-04-03
10.0
None Remote Low Not required Complete Complete Complete
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.
615 CVE-2018-17532 78 Exec Code 2018-10-15 2018-11-30
10.0
None Remote Low Not required Complete Complete Complete
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
616 CVE-2018-17411 611 2018-09-26 2018-12-17
10.0
None Remote Low Not required Complete Complete Complete
An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20.
617 CVE-2018-17208 77 Exec Code CSRF 2018-09-19 2018-12-17
9.3
None Remote Medium Not required Complete Complete Complete
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF.
618 CVE-2018-17160 20 Exec Code 2018-12-04 2019-01-24
10.0
None Remote Low Not required Complete Complete Complete
In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.
619 CVE-2018-17157 190 Exec Code Overflow Mem. Corr. 2018-12-04 2019-01-24
10.0
None Remote Low Not required Complete Complete Complete
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.
620 CVE-2018-17153 287 +Priv Bypass 2018-09-18 2018-12-18
10.0
None Remote Low Not required Complete Complete Complete
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.
621 CVE-2018-17068 77 2018-09-15 2018-11-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.
622 CVE-2018-17067 119 Overflow 2018-09-15 2018-11-13
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.
623 CVE-2018-17066 77 2018-09-15 2018-11-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.
624 CVE-2018-17065 119 Overflow 2018-09-15 2018-11-13
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.
625 CVE-2018-17064 77 2018-09-15 2018-11-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked.
626 CVE-2018-17063 77 2018-09-15 2018-11-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.
627 CVE-2018-16957 798 2018-09-17 2018-12-06
10.0
None Remote Low Not required Complete Complete Complete
The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary able to access this service over a network could perform search queries to extract large quantities of sensitive information from the WCI installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.
628 CVE-2018-16796 434 2018-09-13 2018-11-25
9.0
None Remote Low Single system Complete Complete Complete
HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types.
629 CVE-2018-16752 20 Exec Code 2018-09-20 2018-12-10
9.0
None Remote Low Single system Complete Complete Complete
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
630 CVE-2018-16660 78 Exec Code 2019-04-25 2019-04-29
9.0
None Remote Low Single system Complete Complete Complete
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.
631 CVE-2018-16651 74 2018-09-07 2018-11-14
9.0
None Remote Low Single system Complete Complete Complete
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
632 CVE-2018-16618 77 Exec Code 2019-06-19 2019-06-21
10.0
None Remote Low Not required Complete Complete Complete
VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of random characters followed by the name of an Android activity to start. Activities are started by inserting their name into a string that is executed in a shell command. By inserting metacharacters this can be exploited to run arbitrary commands as root. The requests also match those of the HTTP protocol and can be triggered on any web page rendered on the device by requesting resources stored at an http://127.0.0.1:1668/ URI, as demonstrated by the http://127.0.0.1:1668/dacdb70556479813fab2d92896596eef?';{ping,example.org}' URL.
633 CVE-2018-16591 284 2018-09-10 2018-11-05
10.0
None Remote Low Not required Complete Complete Complete
FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi.
634 CVE-2018-16590 287 2018-09-06 2018-11-14
10.0
None Remote Low Not required Complete Complete Complete
FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication.
635 CVE-2018-16509 264 Exec Code 2018-09-05 2018-12-04
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
636 CVE-2018-16461 77 Exec Code 2018-10-30 2018-12-07
10.0
None Remote Low Not required Complete Complete Complete
A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options.
637 CVE-2018-16408 284 Exec Code 2018-09-03 2018-10-31
9.0
None Remote Low Single system Complete Complete Complete
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.
638 CVE-2018-16367 284 2018-09-02 2018-11-06
9.0
None Remote Low Single system Complete Complete Complete
In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include.
639 CVE-2018-16364 502 Exec Code 2018-09-26 2018-12-20
9.3
None Remote Medium Not required Complete Complete Complete
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.
640 CVE-2018-16334 78 2018-09-01 2018-10-25
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.
641 CVE-2018-16302 119 Overflow 2018-09-01 2018-11-01
9.3
None Remote Medium Not required Complete Complete Complete
MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file.
642 CVE-2018-16282 78 Exec Code 2018-09-20 2018-11-05
9.0
None Remote Low Single system Complete Complete Complete
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
643 CVE-2018-16217 78 2019-05-29 2019-05-31
9.0
None Remote Low Single system Complete Complete Complete
The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection.
644 CVE-2018-16194 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low Single system Complete Complete Complete
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.
645 CVE-2018-16167 78 Exec Code 2019-01-09 2019-01-15
10.0
None Remote Low Not required Complete Complete Complete
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
646 CVE-2018-16161 264 +Priv 2018-11-15 2018-12-13
9.0
None Remote Low Single system Complete Complete Complete
OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations.
647 CVE-2018-16158 320 2018-08-30 2018-11-06
10.0
None Remote Low Not required Complete Complete Complete
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
648 CVE-2018-16146 77 2018-09-05 2018-11-13
9.0
None Remote Low Single system Complete Complete Complete
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account.
649 CVE-2018-16145 264 2018-09-05 2018-11-13
9.3
None Remote Medium Not required Complete Complete Complete
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance.
650 CVE-2018-16144 77 2018-09-05 2018-11-13
10.0
None Remote Low Not required Complete Complete Complete
The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.