The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1.
Max CVSS
9.8
EPSS Score
0.38%
Published
2018-10-08
Updated
2019-01-04
contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack).
Max CVSS
10.0
EPSS Score
0.30%
Published
2018-10-08
Updated
2019-09-27
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.
Max CVSS
9.8
EPSS Score
0.34%
Published
2018-10-31
Updated
2018-12-10
EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.
Max CVSS
9.8
EPSS Score
0.52%
Published
2018-10-31
Updated
2018-12-10
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).
Max CVSS
9.0
EPSS Score
0.26%
Published
2018-10-31
Updated
2022-07-27
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.
Max CVSS
9.8
EPSS Score
1.48%
Published
2018-10-30
Updated
2018-12-06
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.
Max CVSS
9.8
EPSS Score
0.85%
Published
2018-10-30
Updated
2020-08-24
admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.
Max CVSS
9.8
EPSS Score
0.38%
Published
2018-10-30
Updated
2018-12-06
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.
Max CVSS
9.8
EPSS Score
0.20%
Published
2018-10-30
Updated
2018-12-11
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
Max CVSS
9.8
EPSS Score
0.22%
Published
2018-10-30
Updated
2018-12-18
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-10-29
Updated
2018-12-04
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-10-29
Updated
2018-12-04
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-10-29
Updated
2018-12-04
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-10-29
Updated
2018-12-04
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-10-29
Updated
2018-12-04
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-10-29
Updated
2018-12-04
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
Max CVSS
9.1
EPSS Score
0.20%
Published
2018-10-29
Updated
2018-12-07
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
Max CVSS
9.1
EPSS Score
0.12%
Published
2018-10-29
Updated
2018-12-07
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.
Max CVSS
9.8
EPSS Score
0.19%
Published
2018-10-29
Updated
2019-10-03
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.
Max CVSS
10.0
EPSS Score
0.40%
Published
2018-10-29
Updated
2019-01-28
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.
Max CVSS
9.8
EPSS Score
0.28%
Published
2018-10-29
Updated
2018-12-07
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
Max CVSS
9.8
EPSS Score
2.53%
Published
2018-10-29
Updated
2020-09-08
Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality
Max CVSS
10.0
EPSS Score
0.65%
Published
2018-10-29
Updated
2024-03-21
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow.
Max CVSS
9.8
EPSS Score
0.47%
Published
2018-10-29
Updated
2019-10-03
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request.
Max CVSS
9.8
EPSS Score
1.41%
Published
2018-10-29
Updated
2019-10-03
296 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!