# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
11301 |
CVE-2018-11568 |
79 |
|
XSS |
2018-05-30 |
2018-07-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and '>' characters have < and > representations. |
11302 |
CVE-2018-11567 |
384 |
|
|
2018-05-30 |
2018-07-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still does not respond, the microphone is then turned off. The vulnerability involves empty output-speech reprompts, custom wildcard ("gibberish") input slots, and logging of detected speech. If a maliciously designed skill is installed, an attacker could obtain transcripts of speech not intended for Alexa to process, but simply spoken within the device's hearing range. NOTE: The vendor states "Customer trust is important to us and we take security and privacy seriously. We have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do. Customers do not need to take any action for these mitigations to work." |
11303 |
CVE-2018-11565 |
200 |
|
+Info |
2018-05-30 |
2018-07-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information. |
11304 |
CVE-2018-11564 |
79 |
|
XSS |
2018-06-01 |
2018-07-05 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack. |
11305 |
CVE-2018-11563 |
74 |
|
Exec Code |
2019-07-08 |
2019-08-14 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application. |
11306 |
CVE-2018-11562 |
79 |
|
XSS |
2018-05-30 |
2018-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter. |
11307 |
CVE-2018-11561 |
190 |
|
Overflow |
2018-08-08 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker's digital assets. |
11308 |
CVE-2018-11559 |
79 |
|
XSS |
2018-05-30 |
2018-11-29 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. |
11309 |
CVE-2018-11558 |
79 |
|
XSS |
2018-05-30 |
2018-11-29 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter. |
11310 |
CVE-2018-11557 |
79 |
|
XSS |
2018-05-30 |
2018-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter. |
11311 |
CVE-2018-11556 |
787 |
|
|
2018-05-30 |
2018-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. |
11312 |
CVE-2018-11555 |
787 |
|
|
2018-05-30 |
2018-06-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. |
11313 |
CVE-2018-11553 |
79 |
|
XSS |
2018-06-05 |
2018-07-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php. |
11314 |
CVE-2018-11552 |
79 |
|
Exec Code XSS |
2018-06-01 |
2018-07-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application. |
11315 |
CVE-2018-11549 |
79 |
|
XSS |
2018-05-29 |
2018-06-29 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring. |
11316 |
CVE-2018-11548 |
20 |
|
|
2018-05-29 |
2018-07-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address. |
11317 |
CVE-2018-11544 |
522 |
|
|
2018-05-29 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings. |
11318 |
CVE-2018-11543 |
22 |
|
Dir. Trav. File Inclusion |
2018-07-09 |
2018-09-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. |
11319 |
CVE-2018-11538 |
352 |
|
Bypass CSRF |
2018-06-01 |
2018-07-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. |
11320 |
CVE-2018-11537 |
20 |
|
Bypass |
2018-06-19 |
2018-08-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain. |
11321 |
CVE-2018-11532 |
79 |
|
XSS |
2018-05-29 |
2018-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field. |
11322 |
CVE-2018-11529 |
416 |
|
DoS Exec Code |
2018-07-11 |
2018-10-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. |
11323 |
CVE-2018-11527 |
352 |
|
CSRF |
2018-05-29 |
2018-06-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save. |
11324 |
CVE-2018-11526 |
74 |
|
|
2018-06-19 |
2018-08-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. |
11325 |
CVE-2018-11525 |
74 |
|
|
2018-06-19 |
2018-08-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. |
11326 |
CVE-2018-11522 |
79 |
|
XSS |
2018-06-01 |
2018-07-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Yosoro 1.0.4 has stored XSS. |
11327 |
CVE-2018-11518 |
20 |
|
|
2018-05-30 |
2018-07-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece). |
11328 |
CVE-2018-11517 |
200 |
|
+Info |
2018-05-28 |
2018-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. |
11329 |
CVE-2018-11516 |
119 |
|
DoS Overflow |
2018-05-28 |
2018-07-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. |
11330 |
CVE-2018-11515 |
89 |
|
Sql |
2018-05-28 |
2018-06-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter. |
11331 |
CVE-2018-11514 |
434 |
|
|
2018-05-28 |
2018-06-28 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. |
11332 |
CVE-2018-11512 |
79 |
|
XSS |
2018-05-28 |
2018-06-29 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general. |
11333 |
CVE-2018-11510 |
78 |
|
Exec Code |
2018-06-28 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter. |
11334 |
CVE-2018-11508 |
200 |
|
+Info |
2018-05-28 |
2019-01-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. |
11335 |
CVE-2018-11507 |
400 |
|
|
2018-05-28 |
2018-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp. |
11336 |
CVE-2018-11505 |
200 |
|
+Info |
2018-05-26 |
2018-07-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. |
11337 |
CVE-2018-11504 |
125 |
|
DoS |
2018-05-26 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. |
11338 |
CVE-2018-11503 |
125 |
|
DoS |
2018-05-26 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. |
11339 |
CVE-2018-11502 |
352 |
|
CSRF |
2018-08-24 |
2018-10-31 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF. |
11340 |
CVE-2018-11501 |
352 |
|
XSS CSRF |
2018-05-26 |
2019-07-15 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. |
11341 |
CVE-2018-11500 |
352 |
|
CSRF |
2018-05-26 |
2018-06-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. |
11342 |
CVE-2018-11498 |
119 |
|
DoS Exec Code Overflow |
2018-05-26 |
2018-07-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution. |
11343 |
CVE-2018-11496 |
416 |
|
|
2018-05-26 |
2018-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. |
11344 |
CVE-2018-11495 |
22 |
|
Dir. Trav. |
2018-05-26 |
2018-06-29 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php. |
11345 |
CVE-2018-11494 |
434 |
|
Exec Code Dir. Trav. |
2018-05-26 |
2018-06-29 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code']. |
11346 |
CVE-2018-11493 |
352 |
|
CSRF |
2018-05-26 |
2018-06-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add. |
11347 |
CVE-2018-11490 |
119 |
|
DoS Overflow |
2018-05-26 |
2019-08-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact. |
11348 |
CVE-2018-11489 |
119 |
|
DoS Overflow |
2018-05-26 |
2018-07-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact. |
11349 |
CVE-2018-11488 |
770 |
|
DoS |
2018-05-29 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request. |
11350 |
CVE-2018-11487 |
79 |
|
XSS |
2018-05-26 |
2018-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php. |