CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1151 CVE-2018-10267 352 CSRF 2018-04-21 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI.
1152 CVE-2018-10266 352 CSRF 2018-04-21 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI.
1153 CVE-2018-10265 352 CSRF 2018-04-21 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI.
1154 CVE-2018-10260 20 File Inclusion 2018-05-01 2018-06-13
6.5
None Remote Low Single system Partial Partial Partial
A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.
1155 CVE-2018-10258 94 Exec Code 2018-05-01 2018-06-13
6.5
None Remote Low Single system Partial Partial Partial
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
1156 CVE-2018-10257 94 Exec Code 2018-05-01 2018-06-13
6.5
None Remote Low Single system Partial Partial Partial
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
1157 CVE-2018-10256 89 Sql 2018-05-01 2018-06-13
6.5
None Remote Low Single system Partial Partial Partial
A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.
1158 CVE-2018-10255 94 Exec Code 2018-05-01 2018-06-13
6.5
None Remote Low Single system Partial Partial Partial
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
1159 CVE-2018-10254 119 DoS Overflow 2018-04-21 2018-05-17
6.8
None Remote Medium Not required Partial Partial Partial
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
1160 CVE-2018-10252 384 2018-05-14 2018-06-20
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web server returns its current time of day in responses, it is possible to step backward through possible session values until a working one is found. Once a working session ID is found, an attacker then has admin control of the device and can add a secondary SSID to create a backdoor to the network.
1161 CVE-2018-10249 352 CSRF 2018-04-20 2018-05-22
6.8
None Remote Medium Not required Partial Partial Partial
baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account.
1162 CVE-2018-10236 94 Exec Code 2018-04-19 2018-05-22
6.5
None Remote Low Single system Partial Partial Partial
POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to the FCPATH.$file file.
1163 CVE-2018-10235 94 Exec Code 2018-04-19 2018-05-22
6.5
None Remote Low Single system Partial Partial Partial
POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and write this code into the api/ucsso/config.php file.
1164 CVE-2018-10233 352 CSRF 2018-04-23 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.
1165 CVE-2018-10224 352 CSRF 2018-04-19 2018-05-17
6.0
None Remote Medium Single system Partial Partial Partial
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html.
1166 CVE-2018-10223 352 CSRF 2018-04-19 2018-05-17
6.0
None Remote Medium Single system Partial Partial Partial
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.
1167 CVE-2018-10222 352 CSRF 2018-04-19 2018-05-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.
1168 CVE-2018-10220 918 File Inclusion 2018-04-19 2018-05-24
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation.
1169 CVE-2018-10194 119 DoS Overflow 2018-04-18 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
1170 CVE-2018-10188 352 CSRF 2018-04-19 2018-05-21
6.8
None Remote Medium Not required Partial Partial Partial
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
1171 CVE-2018-10185 352 CSRF 2018-04-17 2018-05-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call.
1172 CVE-2018-10168 264 2018-05-03 2018-06-12
6.5
None Remote Low Single system Partial Partial Partial
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.
1173 CVE-2018-10167 798 2018-05-03 2018-06-12
6.0
None Remote Medium Single system Partial Partial Partial
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows.
1174 CVE-2018-10166 352 CSRF 2018-05-03 2018-06-12
6.8
None Remote Medium Not required Partial Partial Partial
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fixed in version 2.6.1_Windows.
1175 CVE-2018-10137 352 CSRF 2018-04-16 2018-05-22
6.8
None Remote Medium Not required Partial Partial Partial
iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI.
1176 CVE-2018-10132 352 CSRF 2018-04-16 2018-05-22
6.8
None Remote Medium Not required Partial Partial Partial
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.
1177 CVE-2018-10127 352 CSRF 2018-04-16 2018-05-11
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator role.
1178 CVE-2018-10120 119 DoS Overflow 2018-04-16 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.
1179 CVE-2018-10119 416 DoS 2018-04-16 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.
1180 CVE-2018-10117 352 CSRF 2018-04-16 2018-05-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.
1181 CVE-2018-10115 119 DoS Exec Code Overflow 2018-05-02 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
1182 CVE-2018-10114 119 DoS Overflow 2018-04-16 2018-05-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.
1183 CVE-2018-10112 119 DoS Overflow 2018-04-16 2018-05-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.
1184 CVE-2018-10092 77 Exec Code 2018-05-22 2018-06-28
6.0
None Remote Medium Single system Partial Partial Partial
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
1185 CVE-2018-10086 284 Exec Code Bypass 2018-04-13 2018-04-13
6.5
None Remote Low Single system Partial Partial Partial
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.
1186 CVE-2018-10084 310 Bypass 2018-04-13 2018-04-13
6.5
None Remote Low Single system Partial Partial Partial
CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed.
1187 CVE-2018-10083 22 Dir. Trav. 2018-04-13 2018-04-13
6.4
None Remote Low Not required None Partial Partial
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter.
1188 CVE-2018-10066 295 2018-04-13 2018-05-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels).
1189 CVE-2018-10063 77 Exec Code 2018-04-12 2018-05-17
6.8
None Remote Medium Not required Partial Partial Partial
The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file.
1190 CVE-2018-10058 119 Exec Code Overflow 2018-06-05 2018-07-27
6.5
None Remote Low Single system Partial Partial Partial
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers.
1191 CVE-2018-10054 20 Exec Code 2018-04-11 2018-05-22
6.5
None Remote Low Single system Partial Partial Partial
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code.
1192 CVE-2018-10050 89 Sql 2018-04-11 2018-05-09
6.5
None Remote Low Single system Partial Partial Partial
iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.
1193 CVE-2018-10048 352 CSRF 2018-04-11 2018-05-09
6.8
None Remote Medium Not required Partial Partial Partial
iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.
1194 CVE-2018-10031 352 CSRF 2018-04-11 2018-04-13
6.8
None Remote Medium Not required Partial Partial Partial
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.
1195 CVE-2018-10030 352 CSRF 2018-04-11 2018-04-13
6.8
None Remote Medium Not required Partial Partial Partial
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.
1196 CVE-2018-10018 119 Overflow 2018-07-13 2018-09-11
6.8
None Remote Medium Not required Partial Partial Partial
The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument.
1197 CVE-2018-9982 787 Exec Code 2018-05-17 2018-09-27
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the Texture Width in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5483.
1198 CVE-2018-9981 824 Exec Code 2018-05-17 2018-09-27
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5431.
1199 CVE-2018-9977 416 Exec Code 2018-05-17 2018-09-27
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Modifier Chain objects in U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5427.
1200 CVE-2018-9975 416 Exec Code 2018-05-17 2018-09-27
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shift events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5762.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.