# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
10501 |
CVE-2018-16416 |
352 |
|
CSRF |
2018-09-03 |
2018-10-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. |
10502 |
CVE-2018-16413 |
125 |
|
|
2018-09-03 |
2019-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. |
10503 |
CVE-2018-16412 |
125 |
|
|
2018-09-03 |
2019-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. |
10504 |
CVE-2018-16410 |
89 |
|
Sql |
2018-09-03 |
2018-10-25 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. |
10505 |
CVE-2018-16409 |
918 |
|
|
2018-09-03 |
2018-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. |
10506 |
CVE-2018-16408 |
269 |
|
Exec Code |
2018-09-03 |
2019-10-02 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. |
10507 |
CVE-2018-16407 |
79 |
|
XSS |
2018-09-03 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled. |
10508 |
CVE-2018-16406 |
79 |
|
XSS |
2018-09-03 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label. |
10509 |
CVE-2018-16405 |
79 |
|
XSS |
2018-09-03 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS. |
10510 |
CVE-2018-16403 |
125 |
|
|
2018-09-03 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. |
10511 |
CVE-2018-16402 |
415 |
|
DoS |
2018-09-03 |
2019-06-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. |
10512 |
CVE-2018-16398 |
|
|
Bypass |
2018-09-03 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed. |
10513 |
CVE-2018-16397 |
434 |
|
|
2018-09-03 |
2018-10-31 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file, |
10514 |
CVE-2018-16396 |
|
|
|
2018-11-16 |
2019-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. |
10515 |
CVE-2018-16395 |
|
|
|
2018-11-16 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. |
10516 |
CVE-2018-16393 |
119 |
|
DoS Overflow |
2018-09-03 |
2019-08-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. |
10517 |
CVE-2018-16392 |
119 |
|
DoS Overflow |
2018-09-03 |
2019-08-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. |
10518 |
CVE-2018-16391 |
119 |
|
DoS Overflow |
2018-09-03 |
2019-08-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. |
10519 |
CVE-2018-16389 |
89 |
|
Sql |
2018-09-12 |
2018-11-02 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. |
10520 |
CVE-2018-16388 |
434 |
|
Exec Code |
2018-09-12 |
2018-11-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. |
10521 |
CVE-2018-16387 |
352 |
|
CSRF |
2018-09-02 |
2018-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. |
10522 |
CVE-2018-16386 |
74 |
|
|
2019-07-05 |
2019-07-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing [email protected]:comp/env/ error messages. |
10523 |
CVE-2018-16385 |
89 |
|
Sql |
2018-09-02 |
2018-10-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. |
10524 |
CVE-2018-16384 |
89 |
|
Sql Bypass |
2018-09-02 |
2018-10-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. |
10525 |
CVE-2018-16382 |
125 |
|
|
2018-09-02 |
2018-11-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. |
10526 |
CVE-2018-16381 |
79 |
|
XSS |
2018-09-05 |
2018-10-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. |
10527 |
CVE-2018-16380 |
352 |
|
CSRF |
2018-09-02 |
2019-09-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account. |
10528 |
CVE-2018-16376 |
787 |
|
DoS Overflow |
2018-09-02 |
2018-10-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. |
10529 |
CVE-2018-16375 |
119 |
|
Overflow |
2018-09-02 |
2018-11-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. |
10530 |
CVE-2018-16373 |
434 |
|
|
2018-09-02 |
2018-10-24 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. |
10531 |
CVE-2018-16372 |
79 |
|
XSS |
2018-09-02 |
2018-10-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued. |
10532 |
CVE-2018-16371 |
79 |
|
XSS |
2018-09-02 |
2018-10-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=. |
10533 |
CVE-2018-16370 |
434 |
|
Exec Code |
2018-09-02 |
2018-11-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. |
10534 |
CVE-2018-16369 |
|
|
DoS |
2018-09-02 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453. |
10535 |
CVE-2018-16368 |
125 |
|
DoS |
2018-09-02 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. |
10536 |
CVE-2018-16367 |
284 |
|
|
2018-09-02 |
2019-10-02 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include. |
10537 |
CVE-2018-16366 |
352 |
|
CSRF |
2018-09-02 |
2019-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. |
10538 |
CVE-2018-16365 |
352 |
|
CSRF |
2018-09-02 |
2019-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. |
10539 |
CVE-2018-16364 |
502 |
|
Exec Code |
2018-09-26 |
2018-12-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. |
10540 |
CVE-2018-16362 |
79 |
|
Exec Code XSS |
2018-09-02 |
2018-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php. |
10541 |
CVE-2018-16361 |
79 |
|
XSS |
2018-09-05 |
2018-10-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter. |
10542 |
CVE-2018-16359 |
|
|
|
2018-09-02 |
2019-10-02 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
Complete |
None |
Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS. |
10543 |
CVE-2018-16354 |
89 |
|
Sql |
2018-09-02 |
2018-10-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter. |
10544 |
CVE-2018-16353 |
89 |
|
Sql |
2018-09-02 |
2018-10-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter. |
10545 |
CVE-2018-16352 |
434 |
|
|
2018-09-02 |
2018-10-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used. |
10546 |
CVE-2018-16350 |
79 |
|
XSS |
2018-09-02 |
2018-10-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. |
10547 |
CVE-2018-16349 |
79 |
|
XSS |
2018-09-02 |
2018-10-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. |
10548 |
CVE-2018-16347 |
79 |
|
XSS |
2018-09-02 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize. |
10549 |
CVE-2018-16345 |
352 |
|
CSRF |
2018-09-02 |
2018-11-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. |
10550 |
CVE-2018-16344 |
22 |
|
Dir. Trav. |
2018-09-02 |
2018-11-13 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock. |