CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1201 CVE-2018-11541 862 2018-07-09 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140.
1202 CVE-2018-11491 287 Exec Code 2018-07-25 2018-09-20
10.0
None Remote Low Not required Complete Complete Complete
ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.
1203 CVE-2018-11458 Exec Code 2018-12-12 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 5900/tcp. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known.
1204 CVE-2018-11457 Exec Code 2018-12-12 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known.
1205 CVE-2018-11340 434 Exec Code 2018-05-21 2018-08-16
9.0
None Remote Low Single system Complete Complete Complete
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.
1206 CVE-2018-11316 20 2018-07-03 2018-09-11
9.3
None Remote Medium Not required Complete Complete Complete
The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.
1207 CVE-2018-11314 20 2018-07-03 2018-09-11
9.3
None Remote Medium Not required Complete Complete Complete
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.
1208 CVE-2018-11287 20 2018-09-20 2018-11-23
10.0
None Remote Low Not required Complete Complete Complete
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, incorrect control flow implementation in Video while checking buffer sufficiency.
1209 CVE-2018-11285 125 2018-09-20 2018-11-23
9.3
None Remote Medium Not required Complete Complete Complete
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, while parsing FLAC file with corrupted picture block, a buffer over-read can occur.
1210 CVE-2018-11241 Exec Code 2018-09-21 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of Spring 2018.
1211 CVE-2018-11240 275 Exec Code 2018-09-21 2018-12-20
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of Spring 2018.
1212 CVE-2018-11228 94 Exec Code 2018-06-07 2019-05-02
10.0
None Remote Low Not required Complete Complete Complete
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).
1213 CVE-2018-11220 Exec Code 2018-05-31 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.
1214 CVE-2018-11194 732 2018-06-01 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).
1215 CVE-2018-11193 732 2018-06-01 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).
1216 CVE-2018-11192 732 2018-06-01 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6).
1217 CVE-2018-11191 732 2018-06-01 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6).
1218 CVE-2018-11190 269 2018-06-01 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6).
1219 CVE-2018-11189 78 2018-06-01 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6).
1220 CVE-2018-11139 78 Exec Code 2018-05-31 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method.
1221 CVE-2018-11138 78 Exec Code 2018-05-31 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
1222 CVE-2018-11134 640 2018-05-31 2018-06-29
9.0
None Remote Low Single system Complete Complete Complete
In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges.
1223 CVE-2018-11132 77 Exec Code 2018-05-31 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root.
1224 CVE-2018-11094 798 2018-05-15 2018-06-22
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved.
1225 CVE-2018-11091 434 Exec Code 2018-05-14 2018-06-20
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the "HiddenFieldControlCustomWhiteListedExtensions" parameter and add arbitrary extensions to the whitelist during the upload. For instance, if the extension .asp is added to the "HiddenFieldControlCustomWhiteListedExtensions" parameter, the server accepts "secctest.asp" as a legitimate file. Hence malicious files can be uploaded in order to execute arbitrary commands to take over the server.
1226 CVE-2018-11066 Exec Code 2018-11-26 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
1227 CVE-2018-11061 Exec Code 2018-08-24 2019-10-09
9.0
None Remote Low Single system Complete Complete Complete
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.
1228 CVE-2018-11031 918 2018-05-13 2018-06-19
10.0
None Remote Low Not required Complete Complete Complete
application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.
1229 CVE-2018-11013 119 Exec Code Overflow 2018-05-13 2018-06-19
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.
1230 CVE-2018-10997 89 Sql 2018-06-17 2018-08-14
10.0
None Remote Low Not required Complete Complete Complete
Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword.
1231 CVE-2018-10996 119 DoS Exec Code Overflow 2018-05-12 2018-06-18
10.0
None Remote Low Not required Complete Complete Complete
The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable.
1232 CVE-2018-10967 78 Exec Code 2018-05-18 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution.
1233 CVE-2018-10897 22 Dir. Trav. 2018-08-01 2018-11-30
9.3
None Remote Medium Not required Complete Complete Complete
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
1234 CVE-2018-10843 732 2018-07-02 2019-10-09
9.0
None Remote Low Single system Complete Complete Complete
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.
1235 CVE-2018-10823 78 Exec Code 2018-10-17 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.
1236 CVE-2018-10750 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
1237 CVE-2018-10749 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
1238 CVE-2018-10748 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
1239 CVE-2018-10747 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
1240 CVE-2018-10746 119 Exec Code Overflow Mem. Corr. 2018-05-04 2018-06-12
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
1241 CVE-2018-10731 119 Overflow 2018-05-17 2018-06-20
9.3
None Remote Medium Not required Complete Complete Complete
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).
1242 CVE-2018-10730 78 2018-05-17 2018-06-19
9.0
None Remote Low Single system Complete Complete Complete
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.
1243 CVE-2018-10718 119 Exec Code Overflow 2018-05-03 2018-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.
1244 CVE-2018-10698 255 2019-06-07 2019-06-10
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.
1245 CVE-2018-10697 77 Exec Code 2019-06-07 2019-06-10
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
1246 CVE-2018-10682 287 Exec Code 2018-05-09 2018-06-18
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default (auto-deployment) permits an anonymous user to deploy a malicious .war file, leading to remote code execution. NOTE: the vendor indicates that anonymous access is not available in the default installation; however, it remains optional because there are several use cases for it, including development environments and network architectures that have a proxy server for access control to the WildFly server.
1247 CVE-2018-10662 2018-06-26 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
1248 CVE-2018-10661 Bypass 2018-06-26 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
1249 CVE-2018-10660 78 2018-06-26 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
1250 CVE-2018-10636 119 Exec Code Overflow +Priv 2018-08-13 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.