| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
51 |
CVE-2018-19220 |
94 |
|
Exec Code |
2018-11-12 |
2018-12-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI. |
|
52 |
CVE-2018-19199 |
190 |
|
Overflow |
2018-11-12 |
2018-12-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication. |
|
53 |
CVE-2018-19198 |
787 |
|
|
2018-11-12 |
2018-12-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts. |
|
54 |
CVE-2018-19196 |
94 |
|
Exec Code Bypass |
2018-11-12 |
2018-12-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonstrated by an admin/index.php?c=uploadfile&a=uploadify_upload&type=php URI. |
|
55 |
CVE-2018-19185 |
119 |
|
Overflow |
2018-11-12 |
2018-12-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector. |
|
56 |
CVE-2018-19180 |
94 |
|
Exec Code |
2018-11-11 |
2018-12-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php. |
|
57 |
CVE-2018-19126 |
434 |
|
Exec Code |
2018-11-09 |
2018-12-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload. |
|
58 |
CVE-2018-19087 |
119 |
|
DoS Exec Code Overflow |
2018-11-09 |
2018-12-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E044 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. |
|
59 |
CVE-2018-19086 |
119 |
|
DoS Exec Code Overflow |
2018-11-09 |
2018-12-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E040 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. |
|
60 |
CVE-2018-19085 |
119 |
|
DoS Exec Code Overflow |
2018-11-09 |
2018-12-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E048 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. |
|
61 |
CVE-2018-19084 |
119 |
|
DoS Exec Code Overflow |
2018-11-09 |
2018-12-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E05C with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. |
|
62 |
CVE-2018-19082 |
119 |
|
Overflow |
2018-11-07 |
2018-12-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field. |
|
63 |
CVE-2018-19079 |
20 |
|
|
2018-11-07 |
2018-12-13 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot. |
|
64 |
CVE-2018-19077 |
125 |
|
DoS |
2018-11-07 |
2018-12-13 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. RtspServer allows remote attackers to cause a denial of service (daemon hang or restart) via a negative integer in the RTSP Content-Length header. |
|
65 |
CVE-2018-19061 |
89 |
|
Sql |
2018-11-07 |
2018-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. |
|
66 |
CVE-2018-18963 |
89 |
|
Sql |
2018-11-06 |
2018-12-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI. |
|
67 |
CVE-2018-18957 |
119 |
|
Overflow |
2018-11-05 |
2018-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. |
|
68 |
CVE-2018-18949 |
89 |
|
Sql |
2018-11-05 |
2018-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. |
|
69 |
CVE-2018-18934 |
434 |
|
Exec Code CSRF |
2018-11-05 |
2018-12-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF. |
|
70 |
CVE-2018-18892 |
94 |
|
Exec Code |
2018-10-31 |
2018-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. |
|
71 |
CVE-2018-18887 |
89 |
|
Sql |
2018-10-31 |
2018-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). |
|
72 |
CVE-2018-18874 |
434 |
|
Exec Code |
2018-10-31 |
2018-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI. |
|
73 |
CVE-2018-18869 |
22 |
|
Exec Code Dir. Trav. |
2018-10-31 |
2018-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter. |
|
74 |
CVE-2018-18835 |
94 |
|
Exec Code |
2018-10-30 |
2018-12-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. |
|
75 |
CVE-2018-18834 |
119 |
|
Overflow |
2018-10-30 |
2018-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. |
|
76 |
CVE-2018-18832 |
89 |
|
Sql |
2018-10-30 |
2018-12-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp. |
|
77 |
CVE-2018-18830 |
434 |
|
Exec Code |
2018-10-30 |
2018-12-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code. |
|
78 |
CVE-2018-18792 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. |
|
79 |
CVE-2018-18791 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. |
|
80 |
CVE-2018-18789 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. |
|
81 |
CVE-2018-18787 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. |
|
82 |
CVE-2018-18786 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. |
|
83 |
CVE-2018-18785 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. |
|
84 |
CVE-2018-18752 |
434 |
|
|
2018-10-29 |
2018-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter. |
|
85 |
CVE-2018-18751 |
415 |
|
|
2018-10-29 |
2018-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. |
|
86 |
CVE-2018-18730 |
119 |
|
Overflow |
2018-10-29 |
2018-12-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. |
|
87 |
CVE-2018-18728 |
77 |
|
Exec Code |
2018-10-29 |
2018-12-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request. |
|
88 |
CVE-2018-18727 |
119 |
|
Overflow |
2018-10-29 |
2018-12-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. |
|
89 |
CVE-2018-18714 |
119 |
|
DoS Exec Code Overflow |
2018-11-01 |
2018-12-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E010. This can lead to denial of service (DoS) or code execution with root privileges. |
|
90 |
CVE-2018-18709 |
119 |
|
Overflow |
2018-10-29 |
2018-12-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. |
|
91 |
CVE-2018-18708 |
119 |
|
Overflow |
2018-10-29 |
2018-12-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromAddressNat" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. |
|
92 |
CVE-2018-18707 |
119 |
|
Overflow |
2018-10-29 |
2018-12-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. |
|
93 |
CVE-2018-18706 |
119 |
|
Overflow |
2018-10-29 |
2018-12-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromDhcpListClient" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. |
|
94 |
CVE-2018-18705 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php. |
|
95 |
CVE-2018-18704 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter. |
|
96 |
CVE-2018-18702 |
89 |
|
Sql |
2018-10-29 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. |
|
97 |
CVE-2018-18546 |
89 |
|
Sql |
2018-10-20 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable. |
|
98 |
CVE-2018-18530 |
89 |
|
Sql |
2018-10-19 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI. |
|
99 |
CVE-2018-18529 |
89 |
|
Sql |
2018-10-19 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI. |
|
100 |
CVE-2018-18527 |
89 |
|
Sql |
2018-10-19 |
2018-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. |
