CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities (CVSS score between 6 and 6.99)

Each entry below is listed as four lines: (1) row number, CVE ID, CWE ID, number of known exploits (blank for every entry on this page), vulnerability type(s) (blank where none is assigned), publish date and update date; (2) CVSS score; (3) gained access level, access vector, access complexity, authentication, and the confidentiality, integrity and availability impacts; (4) the CVE description.
1601 CVE-2018-11416 415 DoS 2018-05-24 2018-06-26
6.8
None Remote Medium Not required Partial Partial Partial
jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
1602 CVE-2018-11414 89 Sql 2018-05-24 2018-06-25
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly.
1603 CVE-2018-11406 352 CSRF 2018-06-13 2019-03-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
1604 CVE-2018-11405 352 CSRF 2018-05-24 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Kliqqi 2.0.2 has CSRF in admin/admin_users.php.
1605 CVE-2018-11392 434 Exec Code 2018-05-29 2018-12-11
6.5
None Remote Low Single system Partial Partial Partial
An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code execution by requesting the .php file.
1606 CVE-2018-11385 384 2018-06-13 2018-08-05
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
1607 CVE-2018-11378 119 Overflow 2018-05-22 2018-06-28
6.8
None Remote Medium Not required Partial Partial Partial
The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.
1608 CVE-2018-11371 352 CSRF 2018-05-22 2018-07-02
6.8
None Remote Medium Not required Partial Partial Partial
SkyCaiji 1.2 allows CSRF to add an Administrator user.
1609 CVE-2018-11349 352 CSRF 2018-07-07 2018-09-05
6.8
None Remote Medium Not required Partial Partial Partial
The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link.
1610 CVE-2018-11345 434 Exec Code 2018-05-21 2019-03-29
6.5
None Remote Low Single system Partial Partial Partial
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system.
1611 CVE-2018-11341 22 Dir. Trav. 2018-05-21 2018-08-16
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter.
1612 CVE-2018-11323 264 2018-05-22 2018-06-22
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
1613 CVE-2018-11322 434 2018-05-22 2018-06-22
6.0
None Remote Medium Single system Partial Partial Partial
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
1614 CVE-2018-11311 798 2018-05-20 2018-06-26
6.4
None Remote Low Not required Partial Partial None
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
1615 CVE-2018-11278 125 2018-09-18 2018-11-09
6.6
None Local Low Not required Complete None Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault.
1616 CVE-2018-11243 415 DoS 2018-05-18 2018-06-20
6.8
None Remote Medium Not required Partial Partial Partial
PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.
1617 CVE-2018-11235 254 Exec Code Dir. Trav. Bypass 2018-05-30 2019-03-29
6.8
None Remote Medium Not required Partial Partial Partial
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
1618 CVE-2018-11231 89 Sql 2018-05-23 2018-06-26
6.8
None Remote Medium Not required Partial Partial Partial
In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.
1619 CVE-2018-11230 416 DoS 2018-05-17 2018-06-20
6.8
None Remote Medium Not required Partial Partial Partial
jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file.
1620 CVE-2018-11226 119 DoS Overflow 2018-05-17 2018-06-20
6.8
None Remote Medium Not required Partial Partial Partial
The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
1621 CVE-2018-11225 119 DoS Overflow 2018-05-17 2018-06-25
6.8
None Remote Medium Not required Partial Partial Partial
The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
1622 CVE-2018-11188 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46).
1623 CVE-2018-11187 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).
1624 CVE-2018-11186 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46).
1625 CVE-2018-11185 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46).
1626 CVE-2018-11184 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46).
1627 CVE-2018-11183 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46).
1628 CVE-2018-11182 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46).
1629 CVE-2018-11181 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46).
1630 CVE-2018-11180 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46).
1631 CVE-2018-11179 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).
1632 CVE-2018-11178 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46).
1633 CVE-2018-11177 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46).
1634 CVE-2018-11176 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46).
1635 CVE-2018-11175 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46).
1636 CVE-2018-11174 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46).
1637 CVE-2018-11173 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46).
1638 CVE-2018-11172 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46).
1639 CVE-2018-11171 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46).
1640 CVE-2018-11170 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46).
1641 CVE-2018-11169 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46).
1642 CVE-2018-11168 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46).
1643 CVE-2018-11167 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46).
1644 CVE-2018-11166 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46).
1645 CVE-2018-11165 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46).
1646 CVE-2018-11164 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46).
1647 CVE-2018-11163 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46).
1648 CVE-2018-11162 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46).
1649 CVE-2018-11161 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46).
1650 CVE-2018-11160 77 2018-06-01 2018-06-08
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46).