CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1001 CVE-2018-15886 94 Exec Code 2018-09-10 2018-11-14
6.5
None Remote Low Single system Partial Partial Partial
Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring.
1002 CVE-2018-15884 352 2018-08-28 2018-11-08
6.8
None Remote Medium Not required Partial Partial Partial
RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
1003 CVE-2018-15852 254 DoS 2018-08-25 2018-10-23
6.1
None Local Network Low Not required None None Complete
** DISPUTED ** Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions.
1004 CVE-2018-15851 352 CSRF 2018-08-25 2018-10-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add.
1005 CVE-2018-15850 352 CSRF 2018-08-25 2018-10-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user.
1006 CVE-2018-15848 352 CSRF 2018-08-25 2018-10-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.
1007 CVE-2018-15846 352 CSRF 2018-08-25 2018-10-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1.
1008 CVE-2018-15845 352 CSRF 2018-08-25 2018-10-17
6.8
None Remote Medium Not required Partial Partial Partial
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
1009 CVE-2018-15844 352 CSRF 2018-08-25 2018-10-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.
1010 CVE-2018-15832 20 Exec Code 2018-09-20 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process.
1011 CVE-2018-15805 611 DoS 2018-12-10 2019-01-03
6.4
None Remote Low Not required Partial None Partial
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).
1012 CVE-2018-15762 264 2018-11-02 2019-01-08
6.5
None Remote Low Single system Partial Partial Partial
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.
1013 CVE-2018-15761 264 +Priv 2018-11-19 2018-12-17
6.5
None Remote Low Single system Partial Partial Partial
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.
1014 CVE-2018-15758 264 2018-10-18 2018-11-13
6.8
None Remote Medium Not required Partial Partial Partial
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).
1015 CVE-2018-15755 89 Sql 2018-10-12 2018-12-04
6.5
None Remote Low Single system Partial Partial Partial
Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server.
1016 CVE-2018-15711 264 2018-11-14 2018-12-07
6.5
None Remote Low Single system Partial Partial Partial
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.
1017 CVE-2018-15709 77 Exec Code 2018-11-14 2018-12-06
6.5
None Remote Low Single system Partial Partial Partial
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.
1018 CVE-2018-15702 352 CSRF 2018-10-01 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field.
1019 CVE-2018-15700 20 DoS 2018-10-01 2018-11-27
6.1
None Local Network Low Not required None None Complete
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field.
1020 CVE-2018-15698 200 +Info 2018-08-27 2018-10-30
6.8
None Remote Low Single system Complete None None
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi.
1021 CVE-2018-15694 22 Exec Code Dir. Trav. 2018-08-27 2018-10-30
6.0
None Remote Medium Single system Partial Partial Partial
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled.
1022 CVE-2018-15685 254 Exec Code 2018-08-23 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.
1023 CVE-2018-15682 352 CSRF 2018-09-05 2018-11-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf.
1024 CVE-2018-15612 352 CSRF 2018-09-21 2018-11-14
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.
1025 CVE-2018-15576 94 Exec Code 2018-08-24 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.
1026 CVE-2018-15571 74 2018-08-28 2018-11-07
6.8
None Remote Medium Not required Partial Partial Partial
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.
1027 CVE-2018-15568 352 CSRF 2018-08-19 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html.
1028 CVE-2018-15565 352 CSRF 2018-08-19 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF.
1029 CVE-2018-15564 352 CSRF 2018-08-19 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.
1030 CVE-2018-15539 352 CSRF 2018-10-15 2018-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.
1031 CVE-2018-15529 77 2018-08-28 2019-04-05
6.5
None Remote Low Single system Partial Partial Partial
A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
1032 CVE-2018-15518 415 2018-12-26 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
1033 CVE-2018-15514 502 2018-08-31 2018-11-09
6.5
None Remote Low Single system Partial Partial Partial
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.
1034 CVE-2018-15498 284 2019-03-21 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
YSoft SafeQ Server 6 allows a replay attack.
1035 CVE-2018-15486 284 File Inclusion 2018-09-07 2018-11-13
6.4
None Remote Low Not required Partial Partial None
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02.
1036 CVE-2018-15485 287 2018-09-07 2018-11-13
6.4
None Remote Low Not required Partial Partial None
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03.
1037 CVE-2018-15481 264 2018-08-21 2018-10-23
6.5
None Remote Low Single system Partial Partial Partial
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder.
1038 CVE-2018-15480 264 2018-08-30 2018-11-09
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The cloud API had a hidden parameter, which allowed an authenticated user to reconfigure the server URL for a device registered to their account. In combination with an insecure device registration vulnerability, this allowed an attacker to reconfigure a maliciously registered device to their own rogue replica of the myStrom API and issue commands to the device, including firmware update commands.
1039 CVE-2018-15479 287 2018-08-30 2018-11-09
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. Devices did not authenticate themselves to the cloud in device to cloud communication. This lack of device authentication allowed an attacker to impersonate any device by guessing or learning their MAC address.
1040 CVE-2018-15478 264 2018-08-30 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The process of registering a device with a cloud account was based on an activation code derived from the device MAC address. By guessing valid MAC addresses or using MAC addresses printed on devices in shops and reverse engineering the protocol, an attacker would have been able to register previously unregistered devices to their account. When the rightful owner would have connected them after purchase to their WiFi network, the devices would not have registered with their account, would subsequently not have been controllable from the owner's mobile app, and would not have been visible in the owner's account. Instead, they would have been under control of the attacker.
1041 CVE-2018-15474 20 Exec Code 2018-09-07 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "this is not a security problem in DokuWiki."
1042 CVE-2018-15471 190 DoS Overflow +Info 2018-08-17 2018-11-15
6.8
None Local Low Single system Complete Complete Complete
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.
1043 CVE-2018-15445 352 CSRF 2018-11-08 2018-12-11
6.0
None Remote Medium Single system Partial Partial Partial
A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.
1044 CVE-2018-15431 20 Exec Code 2018-10-05 2018-12-06
6.9
None Local Medium Not required Complete Complete Complete
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
1045 CVE-2018-15430 20 Exec Code 2018-10-05 2018-11-27
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system.
1046 CVE-2018-15425 20 Exec Code 2018-10-05 2018-12-06
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.
1047 CVE-2018-15424 20 Exec Code 2018-10-05 2018-12-06
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.
1048 CVE-2018-15409 20 Exec Code 2018-10-05 2018-12-06
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
1049 CVE-2018-15402 352 +Priv CSRF 2018-10-17 2019-01-24
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker could exploit this vulnerability by convincing a targeted user to follow a URL to a malicious website. An exploit could allow the attacker to take actions within the software with the privileges of the targeted user or gain access to sensitive information.
1050 CVE-2018-15373 399 DoS 2018-10-05 2019-04-15
6.1
None Local Network Low Not required None None Complete
A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory handling by the affected software when the software processes high rates of Cisco Discovery Protocol packets that are sent to a device. An attacker could exploit this vulnerability by sending a high rate of Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.