CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1301 CVE-2018-20713 89 Sql 2019-01-15 2019-01-18
6.5
None Remote Low Single system Partial Partial Partial
Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404.
1302 CVE-2018-20678 89 Sql 2019-03-28 2019-03-28
6.5
None Remote Low Single system Partial Partial Partial
LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.
1303 CVE-2018-20618 119 Overflow 2018-12-31 2019-01-10
6.8
None Remote Medium Not required Partial Partial Partial
ok-file-formats through 2018-10-16 has a heap-based buffer over-read in the ok_mo_decode2 function in ok_mo.c.
1304 CVE-2018-20617 119 Overflow 2018-12-31 2019-01-10
6.8
None Remote Medium Not required Partial Partial Partial
ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function in ok_csv.c.
1305 CVE-2018-20616 119 Overflow 2018-12-31 2019-01-10
6.8
None Remote Medium Not required Partial Partial Partial
ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c.
1306 CVE-2018-20613 352 CSRF 2018-12-30 2019-01-10
6.8
None Remote Medium Not required Partial Partial Partial
TEMMOKU T1.09 Beta allows admin/user/add CSRF.
1307 CVE-2018-20612 352 CSRF 2018-12-30 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF.
1308 CVE-2018-20603 352 CSRF 2018-12-30 2019-01-10
6.8
None Remote Medium Not required Partial Partial Partial
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF.
1309 CVE-2018-20599 94 Exec Code 2018-12-30 2019-01-04
6.5
None Remote Low Single system Partial Partial Partial
UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.
1310 CVE-2018-20598 352 CSRF 2018-12-30 2019-01-04
6.8
None Remote Medium Not required Partial Partial Partial
UCMS 1.4.7 has ?do=user_addpost CSRF.
1311 CVE-2018-20595 352 CSRF 2018-12-30 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful.
1312 CVE-2018-20556 89 Exec Code Sql 2019-03-21 2019-05-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter.
1313 CVE-2018-20553 125 2018-12-28 2019-01-06
6.8
None Remote Medium Not required Partial Partial Partial
Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.
1314 CVE-2018-20552 125 2018-12-28 2019-01-06
6.8
None Remote Medium Not required Partial Partial Partial
Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.
1315 CVE-2018-20549 190 2018-12-28 2019-04-04
6.8
None Remote Medium Not required Partial Partial Partial
There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.
1316 CVE-2018-20548 190 2018-12-28 2019-04-04
6.8
None Remote Medium Not required Partial Partial Partial
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.
1317 CVE-2018-20545 190 2018-12-28 2019-04-04
6.8
None Remote Medium Not required Partial Partial Partial
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.
1318 CVE-2018-20542 119 Overflow 2018-12-28 2019-01-11
6.8
None Remote Medium Not required Partial Partial Partial
There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 (which is in a different part of the source code and is seen at a different address).
1319 CVE-2018-20541 119 Overflow 2018-12-28 2019-01-11
6.8
None Remote Medium Not required Partial Partial Partial
There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses).
1320 CVE-2018-20506 190 Exec Code Overflow 2019-04-03 2019-06-19
6.8
None Remote Medium Not required Partial Partial Partial
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
1321 CVE-2018-20468 74 Exec Code 2019-06-17 2019-06-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution.
1322 CVE-2018-20452 119 DoS Overflow 2018-12-25 2019-01-11
6.8
None Remote Medium Not required Partial Partial Partial
The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c.
1323 CVE-2018-20429 476 2018-12-24 2019-01-04
6.8
None Remote Medium Not required Partial Partial Partial
libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165.
1324 CVE-2018-20428 476 2018-12-24 2019-01-04
6.8
None Remote Medium Not required Partial Partial Partial
libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a different vulnerability than CVE-2018-7874.
1325 CVE-2018-20427 476 2018-12-24 2019-01-04
6.8
None Remote Medium Not required Partial Partial Partial
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a different vulnerability than CVE-2018-9132.
1326 CVE-2018-20426 476 2018-12-24 2019-01-04
6.8
None Remote Medium Not required Partial Partial Partial
libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866.
1327 CVE-2018-20425 476 2018-12-24 2019-01-04
6.8
None Remote Medium Not required Partial Partial Partial
libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file.
1328 CVE-2018-20423 254 Bypass 2018-12-23 2019-01-10
6.8
None Remote Medium Not required Partial Partial Partial
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.
1329 CVE-2018-20422 264 Bypass 2018-12-23 2019-01-10
6.8
None Remote Medium Not required Partial Partial Partial
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).
1330 CVE-2018-20419 352 CSRF 2018-12-23 2019-01-11
6.8
None Remote Medium Not required Partial Partial Partial
DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account.
1331 CVE-2018-20352 416 DoS Exec Code 2019-06-10 2019-06-11
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
1332 CVE-2018-20346 190 Exec Code Overflow 2018-12-21 2019-06-19
6.8
None Remote Medium Not required Partial Partial Partial
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
1333 CVE-2018-20337 119 DoS Overflow 2018-12-21 2019-05-21
6.8
None Remote Medium Not required Partial Partial Partial
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
1334 CVE-2018-20330 190 Overflow 2018-12-21 2019-01-08
6.8
None Remote Medium Not required Partial Partial Partial
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
1335 CVE-2018-20250 20 2019-02-05 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
1336 CVE-2018-20247 119 Overflow 2018-12-24 2019-01-10
6.8
None Remote Medium Not required Partial Partial Partial
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow.
1337 CVE-2018-20230 119 DoS Overflow 2018-12-19 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
1338 CVE-2018-20228 352 CSRF 2018-12-19 2019-01-24
6.0
None Remote Medium Single system Partial Partial Partial
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
1339 CVE-2018-20227 22 Dir. Trav. 2018-12-19 2019-01-07
6.4
None Remote Low Not required None Partial Partial
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.
1340 CVE-2018-20211 427 +Priv 2019-01-02 2019-01-11
6.8
None Remote Medium Not required Partial Partial Partial
ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015).
1341 CVE-2018-20201 119 DoS Overflow 2018-12-18 2019-01-07
6.8
None Remote Medium Not required Partial Partial Partial
There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file.
1342 CVE-2018-20197 119 DoS Overflow 2018-12-17 2019-05-19
6.8
None Remote Medium Not required Partial Partial Partial
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max > G case.
1343 CVE-2018-20196 119 DoS Overflow 2018-12-17 2019-08-28
6.8
None Remote Medium Not required Partial Partial Partial
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.
1344 CVE-2018-20194 119 DoS Overflow 2018-12-17 2019-05-19
6.8
None Remote Medium Not required Partial Partial Partial
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max <= G case.
1345 CVE-2018-20188 352 CSRF 2018-12-17 2019-01-07
6.8
None Remote Medium Not required Partial Partial Partial
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.
1346 CVE-2018-20159 20 Exec Code 2018-12-15 2019-01-07
6.5
None Remote Low Single system Partial Partial Partial
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file because a ZIP archive is accepted by /admin/?req=modules&action=add as a plugin, and extracted to the main directory. In order for the ".zip" file to be accepted, it must also contain a package.json file.
1347 CVE-2018-20156 20 Exec Code 2018-12-14 2019-01-07
6.5
None Remote Low Single system Partial Partial Partial
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network.
1348 CVE-2018-20135 295 Exec Code 2019-06-07 2019-06-11
6.8
None Remote Medium Not required Partial Partial Partial
Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071.
1349 CVE-2018-20128 22 Dir. Trav. 2018-12-13 2019-01-04
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring.
1350 CVE-2018-20127 20 2018-12-13 2019-01-04
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) "php" is blocked but path=F:/1.phP. succeeds.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.