CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1501 CVE-2018-12114 352 CSRF 2018-06-14 2018-08-03
6.8
None Remote Medium Not required Partial Partial Partial
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
1502 CVE-2018-12112 119 DoS Overflow 2018-06-11 2018-07-27
6.8
None Remote Medium Not required Partial Partial Partial
md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.
1503 CVE-2018-12110 89 Sql 2018-06-11 2018-07-27
6.5
None Remote Low Single system Partial Partial Partial
portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter.
1504 CVE-2018-12109 119 DoS Overflow 2018-06-11 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC<FileIO>::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PAM image file.
1505 CVE-2018-12085 119 Overflow 2018-06-09 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
1506 CVE-2018-12053 22 Dir. Trav. 2018-06-08 2018-07-17
6.4
None Remote Low Not required None Partial Partial
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.
1507 CVE-2018-12036 22 Dir. Trav. 2018-06-07 2018-07-27
6.8
None Remote Medium Not required Partial Partial Partial
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
1508 CVE-2018-12035 787 Exec Code 2018-06-15 2018-08-01
6.8
None Remote Medium Not required Partial Partial Partial
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
1509 CVE-2018-12034 125 Exec Code 2018-06-15 2018-08-01
6.8
None Remote Medium Not required Partial Partial Partial
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.
1510 CVE-2018-12028 284 2018-06-17 2018-10-21
6.8
None Remote Medium Not required Partial Partial Partial
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.
1511 CVE-2018-12027 264 2018-06-17 2018-10-21
6.5
None Remote Low Single system Partial Partial Partial
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
1512 CVE-2018-12021 200 +Info 2018-07-05 2019-05-16
6.8
None Remote Low Single system Complete None None
Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.
1513 CVE-2018-12015 22 Dir. Trav. Bypass 2018-06-07 2019-03-29
6.4
None Remote Low Not required None Partial Partial
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
1514 CVE-2018-11946 285 2018-11-27 2018-12-21
6.1
None Local Network Low Not required None Complete None
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without authentication.
1515 CVE-2018-11787 287 2018-09-18 2018-12-06
6.8
None Remote Medium Not required Partial Partial Partial
In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser, and when navigated to it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. And optional bundle that some applications use is the Pax Web Extender Whiteboard, it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL .../gogo/, and that URL is not secured giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised.
1516 CVE-2018-11778 119 Overflow 2018-10-05 2019-01-08
6.5
None Remote Low Single system Partial Partial Partial
UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0
1517 CVE-2018-11726 119 DoS Overflow 2018-06-19 2018-08-08
6.8
None Remote Medium Not required Partial Partial Partial
The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
1518 CVE-2018-11724 119 DoS Overflow 2018-06-19 2018-08-08
6.8
None Remote Medium Not required Partial Partial Partial
The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
1519 CVE-2018-11718 352 CSRF 2018-08-30 2018-10-22
6.8
None Remote Medium Not required Partial Partial Partial
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF.
1520 CVE-2018-11710 787 DoS 2018-06-04 2018-07-16
6.8
None Remote Medium Not required Partial Partial Partial
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.
1521 CVE-2018-11707 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
1522 CVE-2018-11706 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
1523 CVE-2018-11705 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
1524 CVE-2018-11704 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
1525 CVE-2018-11703 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
1526 CVE-2018-11702 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
1527 CVE-2018-11701 119 Overflow 2018-06-19 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
1528 CVE-2018-11696 476 DoS 2018-06-04 2018-11-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
1529 CVE-2018-11695 476 DoS 2018-06-04 2018-11-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
1530 CVE-2018-11694 476 DoS 2018-06-04 2018-11-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
1531 CVE-2018-11685 119 Overflow 2018-06-04 2019-04-19
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
1532 CVE-2018-11684 119 Overflow 2018-06-04 2019-04-19
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
1533 CVE-2018-11683 119 Overflow 2018-06-04 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
1534 CVE-2018-11679 352 CSRF 2018-06-02 2018-07-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.
1535 CVE-2018-11671 352 CSRF 2018-06-01 2018-06-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.
1536 CVE-2018-11670 352 Exec Code CSRF 2018-06-01 2018-06-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.
1537 CVE-2018-11643 89 Exec Code Sql 2018-07-03 2018-08-31
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.
1538 CVE-2018-11640 611 DoS 2018-07-03 2018-09-07
6.4
None Remote Low Not required Partial None Partial
XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption).
1539 CVE-2018-11636 352 CSRF 2018-07-03 2018-08-31
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions.
1540 CVE-2018-11625 119 Overflow 2018-05-31 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.
1541 CVE-2018-11624 416 2018-05-31 2018-06-06
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.
1542 CVE-2018-11623 704 Exec Code 2018-07-31 2018-09-26
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAdLayer method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6003.
1543 CVE-2018-11622 787 Exec Code 2018-07-31 2018-09-26
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5873.
1544 CVE-2018-11619 416 Exec Code 2018-07-31 2018-09-26
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setFocus method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5417.
1545 CVE-2018-11618 416 Exec Code 2018-07-31 2018-09-26
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resetForm method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5416.
1546 CVE-2018-11617 416 Exec Code 2018-07-31 2018-09-26
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format events for ComboBox fields. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5415.
1547 CVE-2018-11616 77 Exec Code 2018-08-30 2018-11-16
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5543.
1548 CVE-2018-11614 264 Exec Code 2018-09-24 2018-11-30
6.5
None Remote Low Single system Partial Partial Partial
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Intents. The issue lies in the ability to send an Intent that would not otherwise be reachable. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5361.
1549 CVE-2018-11595 119 DoS Overflow 2018-05-31 2018-06-08
6.8
None Remote Medium Not required Partial Partial Partial
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused.
1550 CVE-2018-11577 19 2018-05-30 2019-04-19
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.