CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
15901 CVE-2018-15728 94 Exec Code 2018-08-24 2019-09-26
9.0
None Remote Low Single system Complete Complete Complete
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the code would subsequently be executed in the underlying operating system with privileges of the user which was used to start Couchbase. Affects Version: 4.0.0, 4.1.2, 4.5.1, 5.0.0, 4.6.5, 5.0.1, 5.1.1, 5.5.0, 5.5.1. Fix Version: 6.0.0, 5.5.2
15902 CVE-2018-15767 863 2018-11-30 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file.
15903 CVE-2018-15877 78 2018-08-26 2018-11-06
9.0
None Remote Low Single system Complete Complete Complete
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
15904 CVE-2018-15906 Exec Code 2019-03-21 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.
15905 CVE-2018-16055 78 Exec Code 2018-09-26 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP.
15906 CVE-2018-16117 78 Exec Code 2019-06-20 2019-06-24
9.0
None Remote Low Single system Complete Complete Complete
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
15907 CVE-2018-16119 119 Exec Code Overflow 2019-06-20 2019-06-24
9.0
None Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (Firmware Version 3) allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm.
15908 CVE-2018-16130 78 Exec Code 2018-11-27 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter.
15909 CVE-2018-16146 78 2018-09-05 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account.
15910 CVE-2018-16161 +Priv 2018-11-15 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations.
15911 CVE-2018-16194 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low Single system Complete Complete Complete
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.
15912 CVE-2018-16217 78 2019-05-29 2019-05-31
9.0
None Remote Low Single system Complete Complete Complete
The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection.
15913 CVE-2018-16282 78 Exec Code 2018-09-20 2018-11-05
9.0
None Remote Low Single system Complete Complete Complete
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
15914 CVE-2018-16334 78 2018-09-01 2018-10-25
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.
15915 CVE-2018-16367 284 2018-09-02 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that allows writing a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include.
15916 CVE-2018-16408 269 Exec Code 2018-09-03 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.
15917 CVE-2018-16651 74 2018-09-07 2018-11-14
9.0
None Remote Low Single system Complete Complete Complete
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
15918 CVE-2018-16660 78 Exec Code 2019-04-25 2019-04-29
9.0
None Remote Low Single system Complete Complete Complete
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.
15919 CVE-2018-16752 1188 Exec Code 2018-09-20 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
15920 CVE-2018-16796 434 2018-09-13 2018-11-25
9.0
None Remote Low Single system Complete Complete Complete
HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types.
15921 CVE-2018-17867 78 Exec Code 2018-10-01 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field).
15922 CVE-2018-17990 78 Exec Code 2019-04-01 2019-04-02
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter.
15923 CVE-2018-18387 829 2018-10-29 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.
15924 CVE-2018-18426 94 Exec Code 2018-10-17 2018-12-03
9.0
None Remote Low Single system Complete Complete Complete
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.
15925 CVE-2018-18555 78 +Priv 2018-12-17 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and gain access to the underlying Linux shell. The user can then run arbitrary operating system commands with the privileges afforded by their account.
15926 CVE-2018-18556 2018-12-17 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage its improper input validation condition to spawn an attacker-controlled shell with root privileges.
15927 CVE-2018-18729 787 Overflow +Info 2018-10-29 2019-10-02
9.0
None Remote Low Not required Partial Partial Complete
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow.
15928 CVE-2018-18850 20 Exec Code 2018-10-30 2018-12-31
9.0
None Remote Low Single system Complete Complete Complete
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).
15929 CVE-2018-18852 78 Exec Code 2019-06-18 2019-06-18
9.0
None Remote Low Single system Complete Complete Complete
Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018.
15930 CVE-2018-19070 78 Exec Code 2018-11-07 2018-12-11
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action.
15931 CVE-2018-19073 78 Exec Code 2018-11-07 2018-12-11
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access.
15932 CVE-2018-19204 20 Exec Code 2018-11-12 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can create an executable file in the \Custom Sensors\EXE directory and execute it by creating EXE/Script Sensor.
15933 CVE-2018-19239 78 Exec Code 2018-12-20 2019-01-14
9.0
None Remote Low Single system Complete Complete Complete
TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request.
15934 CVE-2018-19323 2018-12-21 2019-10-02
9.0
None Remote Low Not required Partial Partial Complete
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).
15935 CVE-2018-19537 434 Exec Code 2018-11-25 2018-12-28
9.0
None Remote Low Single system Complete Complete Complete
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases.
15936 CVE-2018-19586 22 Exec Code Dir. Trav. 2019-04-09 2019-04-11
9.0
None Remote Low Single system Complete Complete Complete
Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the underlying system with privileges of the user running the application. In particular, an attacker may leverage the vulnerability to write an executable JSP file in an exposed web directory to execute commands on the underlying system.
15937 CVE-2018-19588 284 2019-07-11 2019-07-18
9.0
None Remote Low Single system Complete Complete Complete
Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control.
15938 CVE-2018-19648 269 Exec Code 2019-03-27 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF.
15939 CVE-2018-19788 20 Exec Code 2018-12-03 2019-08-06
9.0
None Remote Low Single system Complete Complete Complete
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
15940 CVE-2018-19908 78 Exec Code 2018-12-06 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.
15941 CVE-2018-19981 312 Bypass 2019-04-04 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android's fundamental security mechanisms).
15942 CVE-2018-20057 78 Exec Code 2018-12-11 2018-12-31
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter.
15943 CVE-2018-20162 20 Exec Code Bypass 2019-03-21 2019-05-09
9.0
None Remote Low Single system Complete Complete Complete
Digi TransPort LR54 4.4.0.26 and possibly earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.
15944 CVE-2018-20235 Exec Code 2019-03-08 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.
15945 CVE-2018-20321 668 Exec Code +Priv 2019-04-10 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher.
15946 CVE-2018-20487 20 2019-04-11 2019-04-12
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are committed.
15947 CVE-2018-1000019 78 2018-02-09 2018-03-01
9.0
None Remote Low Single system Complete Complete Complete
OpenEMR version 5.0.0 contains an OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.
15948 CVE-2018-1000504 601 File Inclusion 2018-06-26 2018-09-04
9.0
None Remote Low Single system Complete Complete Complete
Redirection version 2.7.3 contains an ACE via file inclusion vulnerability in Pass-through mode that can allow admins to execute any PHP file in the filesystem. This attack appears to be exploitable when the attacker has access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8.
15949 CVE-2018-1000857 22 Dir. Trav. 2018-12-20 2019-01-07
9.0
None Remote Low Single system Complete Complete Complete
log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in the main SUID binary /usr/local/bin/log-user-session that can result in user-to-root privilege escalation. This attack appears to be exploitable when a malicious unprivileged user executes the vulnerable binary; (remote) environment variable manipulation similar to Shellshock is also possible.
15950 CVE-2019-0193 287 2019-08-01 2019-10-10
9.0
None Remote Low Single system Complete Complete Complete
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.