CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
801 CVE-2018-13330 77 Exec Code 2018-11-27 2018-12-21
9.0
None Remote Low Single system Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.
802 CVE-2018-13316 77 Exec Code 2018-11-27 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.
803 CVE-2018-13314 77 Exec Code 2018-11-27 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.
804 CVE-2018-13311 77 Exec Code 2018-11-26 2018-12-19
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter.
805 CVE-2018-13307 77 Exec Code 2018-11-27 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable.
806 CVE-2018-13306 77 Exec Code 2018-11-27 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter.
807 CVE-2018-13285 78 Exec Code 2019-04-01 2019-04-03
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
808 CVE-2018-13284 78 Exec Code 2019-04-01 2019-04-03
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
809 CVE-2018-13140 284 Exec Code 2018-09-24 2018-12-20
9.3
None Remote Medium Not required Complete Complete Complete
Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.
810 CVE-2018-13101 264 2018-07-03 2018-09-04
10.0
None Remote Low Not required Complete Complete Complete
KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries.
811 CVE-2018-13023 77 Exec Code 2018-11-27 2018-12-21
9.0
None Remote Low Single system Complete Complete Complete
System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter.
812 CVE-2018-13021 434 Exec Code 2018-06-29 2018-08-21
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI.
813 CVE-2018-12942 89 Sql 2018-07-31 2018-09-28
9.0
None Remote Low Single system Complete Complete Complete
SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this vulnerability to perform malicious tasks such as to extract, change, or delete sensitive information within the database supporting the application, and potentially run system commands on the underlying operating system.
814 CVE-2018-12941 20 Exec Code 2018-07-31 2018-10-09
9.0
None Remote Low Single system Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to the Settings functionality, to inject arbitrary system commands within the application by manipulating the "Cache directory" path. An attacker can use it to perform malicious tasks such as to extract, change, or delete sensitive information or run system commands on the underlying operating system.
815 CVE-2018-12925 284 2018-06-28 2018-08-24
10.0
None Remote Low Not required Complete Complete Complete
Baseon Lantronix MSS devices do not require a password for TELNET access.
816 CVE-2018-12924 798 2018-06-28 2018-08-24
10.0
None Remote Low Not required Complete Complete Complete
Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service.
817 CVE-2018-12877 416 Exec Code 2018-10-12 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
818 CVE-2018-12876 704 Exec Code 2018-10-12 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
819 CVE-2018-12868 787 Exec Code 2018-10-12 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
820 CVE-2018-12865 787 Exec Code 2018-10-12 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
821 CVE-2018-12864 787 Exec Code 2018-10-12 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
822 CVE-2018-12863 416 Exec Code 2018-10-12 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
823 CVE-2018-12862 787 Exec Code 2018-10-12 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
824 CVE-2018-12861 787 Exec Code 2018-10-12 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
825 CVE-2018-12860 787 Exec Code 2018-10-12 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
826 CVE-2018-12858 704 Exec Code 2018-10-12 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
827 CVE-2018-12855 119 Exec Code Overflow 2018-10-12 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.
828 CVE-2018-12853 119 Exec Code Overflow 2018-10-12 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.
829 CVE-2018-12852 416 Exec Code 2018-10-12 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
830 CVE-2018-12851 119 Exec Code Overflow 2018-10-12 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
831 CVE-2018-12846 119 Exec Code Overflow 2018-10-12 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
832 CVE-2018-12841 415 Exec Code 2018-10-12 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.
833 CVE-2018-12837 119 Exec Code Overflow 2018-10-12 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
834 CVE-2018-12836 119 Exec Code Overflow 2018-10-12 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
835 CVE-2018-12835 704 Exec Code 2018-10-12 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
836 CVE-2018-12833 119 Exec Code Overflow 2018-10-12 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
837 CVE-2018-12832 119 Exec Code Overflow 2018-10-12 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
838 CVE-2018-12831 416 Exec Code 2018-10-12 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
839 CVE-2018-12830 119 Exec Code Overflow 2019-01-18 2019-01-23
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
840 CVE-2018-12823 119 Exec Code Overflow 2018-10-17 2018-12-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
841 CVE-2018-12822 416 Exec Code 2018-10-17 2018-12-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
842 CVE-2018-12815 416 Exec Code 2018-07-20 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
843 CVE-2018-12814 119 Exec Code Overflow 2018-10-17 2018-12-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
844 CVE-2018-12813 119 Exec Code Overflow 2018-10-17 2018-12-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
845 CVE-2018-12812 704 Exec Code 2018-07-20 2018-09-14
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
846 CVE-2018-12802 264 Bypass 2018-07-20 2018-09-14
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Security Bypass vulnerability. Successful exploitation could lead to privilege escalation.
847 CVE-2018-12798 119 Exec Code Overflow 2018-07-20 2018-09-14
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
848 CVE-2018-12797 416 Exec Code 2018-07-20 2018-09-14
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
849 CVE-2018-12796 416 Exec Code 2018-07-20 2018-09-14
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
850 CVE-2018-12792 416 Exec Code 2018-07-20 2018-09-14
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.