| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
10101 |
CVE-2018-17046 |
79 |
|
XSS |
2018-09-14 |
2018-11-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js. |
|
10102 |
CVE-2018-17045 |
352 |
|
CSRF |
2018-09-14 |
2018-11-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update. |
|
10103 |
CVE-2018-17043 |
119 |
|
Overflow |
2018-09-14 |
2018-11-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parse_doc in parse_doc.cpp. |
|
10104 |
CVE-2018-17042 |
835 |
|
|
2018-09-14 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue has been found in dbf2txt through 2012-07-19. It is a infinite loop. |
|
10105 |
CVE-2018-17039 |
79 |
|
XSS |
2018-09-14 |
2018-11-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled. |
|
10106 |
CVE-2018-17037 |
732 |
|
|
2018-09-14 |
2019-10-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3. |
|
10107 |
CVE-2018-17036 |
94 |
|
|
2018-09-14 |
2018-11-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in UCMS 1.4.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. |
|
10108 |
CVE-2018-17035 |
89 |
|
Sql |
2018-09-14 |
2018-11-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. |
|
10109 |
CVE-2018-17034 |
79 |
|
XSS |
2018-09-14 |
2018-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. |
|
10110 |
CVE-2018-17031 |
79 |
|
XSS |
2018-09-13 |
2018-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent. |
|
10111 |
CVE-2018-17030 |
94 |
|
Exec Code |
2018-09-13 |
2018-11-07 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php. |
|
10112 |
CVE-2018-17025 |
79 |
|
XSS |
2018-09-13 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role. |
|
10113 |
CVE-2018-17023 |
352 |
|
CSRF |
2018-09-13 |
2018-11-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. |
|
10114 |
CVE-2018-17022 |
119 |
|
DoS Overflow |
2018-09-13 |
2018-11-07 |
8.0 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Complete |
|
Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list("Storage_x_SharedPath") request, because ej_select_list in router/httpd/web.c uses strcpy. |
|
10115 |
CVE-2018-17021 |
79 |
|
XSS |
2018-09-13 |
2018-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter. |
|
10116 |
CVE-2018-17020 |
20 |
|
DoS |
2018-09-13 |
2018-11-07 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a single "GET / HTTP/1.1\r\n" line. |
|
10117 |
CVE-2018-17019 |
20 |
|
|
2018-09-13 |
2018-11-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Bro through 2.5.5, there is a DoS in IRC protocol names command parsing in analyzer/protocol/irc/IRC.cc. |
|
10118 |
CVE-2018-17018 |
20 |
|
|
2018-09-13 |
2018-10-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name. |
|
10119 |
CVE-2018-17017 |
20 |
|
|
2018-09-13 |
2018-10-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for dhcpd udhcpd enable. |
|
10120 |
CVE-2018-17016 |
20 |
|
|
2018-09-13 |
2018-10-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for reboot_timer name. |
|
10121 |
CVE-2018-17015 |
20 |
|
|
2018-09-13 |
2018-10-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username. |
|
10122 |
CVE-2018-17014 |
20 |
|
|
2018-09-13 |
2018-10-30 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ip_mac_bind name. |
|
10123 |
CVE-2018-17013 |
20 |
|
|
2018-09-13 |
2018-10-30 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate. |
|
10124 |
CVE-2018-17012 |
20 |
|
|
2018-09-13 |
2018-10-30 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit. |
|
10125 |
CVE-2018-17011 |
20 |
|
|
2018-09-13 |
2018-10-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun. |
|
10126 |
CVE-2018-17010 |
20 |
|
|
2018-09-13 |
2018-10-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g bandwidth. |
|
10127 |
CVE-2018-17009 |
20 |
|
|
2018-09-13 |
2018-10-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate. |
|
10128 |
CVE-2018-17008 |
20 |
|
|
2018-09-13 |
2018-10-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power. |
|
10129 |
CVE-2018-17007 |
20 |
|
|
2018-09-13 |
2018-10-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_wds_2g ssid. |
|
10130 |
CVE-2018-17006 |
20 |
|
|
2018-09-13 |
2018-10-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2. |
|
10131 |
CVE-2018-17005 |
20 |
|
|
2018-09-13 |
2018-10-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable. |
|
10132 |
CVE-2018-17004 |
20 |
|
|
2018-09-13 |
2018-10-30 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name. |
|
10133 |
CVE-2018-17003 |
79 |
|
XSS |
2018-09-21 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert. |
|
10134 |
CVE-2018-17002 |
79 |
|
XSS |
2018-09-21 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. |
|
10135 |
CVE-2018-17001 |
79 |
|
XSS |
2018-09-21 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. |
|
10136 |
CVE-2018-17000 |
476 |
|
|
2018-09-13 |
2019-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp. |
|
10137 |
CVE-2018-16999 |
787 |
|
DoS |
2018-09-13 |
2018-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file. |
|
10138 |
CVE-2018-16988 |
640 |
|
Bypass |
2019-05-02 |
2019-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes. |
|
10139 |
CVE-2018-16987 |
522 |
|
|
2018-09-13 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. |
|
10140 |
CVE-2018-16985 |
125 |
|
DoS |
2018-09-13 |
2018-11-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. |
|
10141 |
CVE-2018-16984 |
522 |
|
Bypass |
2018-10-02 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes. |
|
10142 |
CVE-2018-16983 |
|
|
Bypass |
2018-09-13 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value. |
|
10143 |
CVE-2018-16982 |
125 |
|
DoS |
2018-09-12 |
2018-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file. |
|
10144 |
CVE-2018-16981 |
119 |
|
Overflow |
2018-09-12 |
2018-11-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. |
|
10145 |
CVE-2018-16980 |
79 |
|
XSS |
2018-09-12 |
2018-11-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters. |
|
10146 |
CVE-2018-16979 |
113 |
|
|
2018-09-12 |
2018-10-31 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943. |
|
10147 |
CVE-2018-16978 |
79 |
|
XSS |
2018-09-12 |
2018-10-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473. |
|
10148 |
CVE-2018-16977 |
200 |
|
+Info |
2018-09-12 |
2018-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php. |
|
10149 |
CVE-2018-16976 |
362 |
|
|
2018-09-12 |
2019-10-02 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access. |
|
10150 |
CVE-2018-16975 |
20 |
|
Exec Code |
2018-09-12 |
2018-11-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input validation in apps/designer/handlers/csspreview.php. |
