# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
10101 |
CVE-2018-17150 |
79 |
|
XSS |
2019-07-11 |
2019-07-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Intersystems Cache 2017.2.2.865.0 allows XSS. |
10102 |
CVE-2018-17148 |
284 |
|
|
2019-06-19 |
2019-06-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. |
10103 |
CVE-2018-17144 |
20 |
|
DoS |
2018-09-19 |
2019-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash. |
10104 |
CVE-2018-17143 |
20 |
|
|
2018-09-17 |
2019-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. |
10105 |
CVE-2018-17142 |
20 |
|
|
2018-09-17 |
2019-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. |
10106 |
CVE-2018-17141 |
20 |
|
Exec Code |
2018-09-21 |
2018-11-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file. |
10107 |
CVE-2018-17139 |
434 |
|
Exec Code |
2018-09-17 |
2018-11-29 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. |
10108 |
CVE-2018-17137 |
|
|
Bypass |
2018-09-17 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions. |
10109 |
CVE-2018-17136 |
89 |
|
Sql |
2018-09-17 |
2018-11-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header. |
10110 |
CVE-2018-17134 |
94 |
|
Exec Code |
2018-09-17 |
2018-11-01 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. |
10111 |
CVE-2018-17133 |
94 |
|
Exec Code |
2018-09-17 |
2018-11-01 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. |
10112 |
CVE-2018-17132 |
94 |
|
Exec Code |
2018-09-17 |
2018-11-01 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. |
10113 |
CVE-2018-17131 |
94 |
|
Exec Code |
2018-09-17 |
2018-11-01 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. |
10114 |
CVE-2018-17129 |
89 |
|
Sql |
2018-09-17 |
2018-11-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field. |
10115 |
CVE-2018-17127 |
476 |
|
DoS |
2018-09-17 |
2019-01-18 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter. |
10116 |
CVE-2018-17126 |
94 |
|
Exec Code |
2018-09-17 |
2018-11-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. |
10117 |
CVE-2018-17125 |
22 |
|
Dir. Trav. |
2018-09-17 |
2018-11-19 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. |
10118 |
CVE-2018-17113 |
79 |
|
XSS |
2018-09-17 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. |
10119 |
CVE-2018-17111 |
|
|
|
2018-09-18 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect. |
10120 |
CVE-2018-17110 |
89 |
|
Sql |
2018-09-17 |
2018-11-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1. |
10121 |
CVE-2018-17108 |
417 |
|
|
2018-09-16 |
2018-12-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application. |
10122 |
CVE-2018-17107 |
|
|
|
2018-09-24 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password. |
10123 |
CVE-2018-17106 |
119 |
|
Overflow |
2018-09-16 |
2018-11-28 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname. |
10124 |
CVE-2018-17104 |
352 |
|
CSRF |
2018-09-16 |
2018-11-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user. |
10125 |
CVE-2018-17103 |
352 |
|
CSRF |
2018-09-16 |
2018-11-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter. |
10126 |
CVE-2018-17102 |
352 |
|
CSRF |
2018-09-16 |
2018-11-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI. |
10127 |
CVE-2018-17101 |
787 |
|
DoS |
2018-09-16 |
2019-01-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. |
10128 |
CVE-2018-17100 |
190 |
|
DoS Overflow |
2018-09-16 |
2019-01-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. |
10129 |
CVE-2018-17098 |
119 |
|
DoS Overflow |
2018-09-16 |
2018-11-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. |
10130 |
CVE-2018-17097 |
415 |
|
DoS |
2018-09-16 |
2018-11-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. |
10131 |
CVE-2018-17096 |
617 |
|
DoS |
2018-09-16 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. |
10132 |
CVE-2018-17095 |
119 |
|
Overflow |
2018-09-16 |
2019-01-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. |
10133 |
CVE-2018-17094 |
476 |
|
|
2018-09-16 |
2018-11-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue has been discovered in mackyle xar 1.6.1. There is a NULL pointer dereference in xar_unserialize in lib/archive.c. |
10134 |
CVE-2018-17093 |
476 |
|
|
2018-09-16 |
2018-11-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue has been discovered in mackyle xar 1.6.1. There is a NULL pointer dereference in xar_get_path in lib/util.c. |
10135 |
CVE-2018-17092 |
89 |
|
Sql +Info |
2018-09-16 |
2019-10-02 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The vulnerability can only be triggered by an authorized user. |
10136 |
CVE-2018-17091 |
200 |
|
+Info |
2018-09-16 |
2018-11-01 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt. |
10137 |
CVE-2018-17088 |
190 |
|
Overflow |
2018-09-16 |
2018-11-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability. |
10138 |
CVE-2018-17086 |
79 |
|
XSS |
2018-09-16 |
2018-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switch.php via these parameters: fieldName fieldName2 tabName. |
10139 |
CVE-2018-17085 |
79 |
|
XSS |
2018-09-16 |
2018-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr. |
10140 |
CVE-2018-17082 |
79 |
|
XSS |
2018-09-16 |
2019-08-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. |
10141 |
CVE-2018-17081 |
352 |
|
CSRF |
2018-09-26 |
2018-11-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. |
10142 |
CVE-2018-17079 |
79 |
|
XSS |
2019-06-19 |
2019-06-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area. |
10143 |
CVE-2018-17077 |
79 |
|
XSS Bypass |
2018-09-15 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed. |
10144 |
CVE-2018-17076 |
119 |
|
Overflow |
2018-09-15 |
2018-11-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file. |
10145 |
CVE-2018-17075 |
20 |
|
|
2018-09-15 |
2019-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit. |
10146 |
CVE-2018-17074 |
601 |
|
|
2018-09-15 |
2018-11-23 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter. |
10147 |
CVE-2018-17073 |
476 |
|
|
2018-09-15 |
2018-11-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image. |
10148 |
CVE-2018-17072 |
125 |
|
|
2018-09-15 |
2018-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. |
10149 |
CVE-2018-17071 |
338 |
|
|
2018-09-18 |
2018-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers can purchase a ticket at a low price by directly calling the fallback function with small msg.value, because the developer set the currency unit incorrectly. Therefore, it allows attackers to always win and get rewards. |
10150 |
CVE-2018-17070 |
352 |
|
CSRF |
2018-09-15 |
2018-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay. |