CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1651 CVE-2018-19827 416 DoS 2018-12-03 2019-07-23
6.8
None Remote Medium Not required Partial Partial Partial
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
1652 CVE-2018-19793 Exec Code 2018-12-03 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data.
1653 CVE-2018-19762 119 DoS Overflow 2018-11-29 2018-12-26
6.8
None Remote Medium Not required Partial Partial Partial
There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.
1654 CVE-2018-19760 772 2018-11-29 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.
1655 CVE-2018-19754 290 Bypass 2018-12-05 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Tarantella Enterprise before 3.11 allows bypassing Access Control.
1656 CVE-2018-19616 668 2018-12-26 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element.
1657 CVE-2018-19612 434 Exec Code 2019-05-24 2019-05-28
6.5
None Remote Low Single system Partial Partial Partial
The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code.
1658 CVE-2018-19601 918 2019-01-03 2019-01-10
6.5
None Remote Low Single system Partial Partial Partial
Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
1659 CVE-2018-19576 284 2019-07-10 2019-07-11
6.4
None Remote Low Not required None Partial Partial
GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential.
1660 CVE-2018-19569 285 2019-07-10 2019-07-11
6.5
None Remote Low Single system Partial Partial Partial
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.
1661 CVE-2018-19562 434 Exec Code 2018-11-26 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.
1662 CVE-2018-19561 352 CSRF 2018-11-26 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account.
1663 CVE-2018-19555 352 CSRF 2018-11-26 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password.
1664 CVE-2018-19553 89 Sql 2018-11-26 2018-12-18
6.5
None Remote Low Single system Partial Partial Partial
Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php
1665 CVE-2018-19552 89 Sql 2018-11-26 2018-12-18
6.5
None Remote Low Single system Partial Partial Partial
Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php.
1666 CVE-2018-19551 89 Sql 2018-11-26 2018-12-18
6.5
None Remote Low Single system Partial Partial Partial
Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php.
1667 CVE-2018-19550 434 2018-11-26 2019-05-23
6.5
None Remote Low Single system Partial Partial Partial
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI.
1668 CVE-2018-19549 89 Sql 2018-11-26 2018-12-18
6.5
None Remote Low Single system Partial Partial Partial
Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php.
1669 CVE-2018-19546 352 XSS CSRF 2018-11-26 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter.
1670 CVE-2018-19545 352 CSRF 2018-11-26 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user.
1671 CVE-2018-19543 125 2018-11-25 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
1672 CVE-2018-19541 125 2018-11-25 2019-10-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.
1673 CVE-2018-19540 119 Overflow 2018-11-25 2019-10-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.
1674 CVE-2018-19532 476 DoS 2018-11-25 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.
1675 CVE-2018-19504 125 2018-11-23 2019-09-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c.
1676 CVE-2018-19503 119 Overflow 2018-11-23 2019-09-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c.
1677 CVE-2018-19502 119 Overflow 2018-11-23 2019-08-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c.
1678 CVE-2018-19499 502 Exec Code 2018-11-23 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
1679 CVE-2018-19492 119 Overflow 2018-11-23 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.
1680 CVE-2018-19491 119 Overflow 2018-11-23 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.
1681 CVE-2018-19490 119 Overflow 2018-11-23 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.
1682 CVE-2018-19477 704 Bypass 2018-11-23 2019-04-25
6.8
None Remote Medium Not required Partial Partial Partial
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
1683 CVE-2018-19476 704 Bypass 2018-11-23 2019-04-25
6.8
None Remote Medium Not required Partial Partial Partial
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
1684 CVE-2018-19475 Bypass 2018-11-23 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
1685 CVE-2018-19462 94 Exec Code Sql 2019-06-07 2019-06-09
6.5
None Remote Low Single system Partial Partial Partial
admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.
1686 CVE-2018-19459 119 Overflow 2018-11-22 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.
1687 CVE-2018-19457 434 Exec Code 2018-11-22 2018-12-18
6.5
None Remote Low Single system Partial Partial Partial
Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.
1688 CVE-2018-19453 434 2019-04-10 2019-04-11
6.8
None Remote Medium Not required Partial Partial Partial
Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type.
1689 CVE-2018-19452 416 Exec Code 2019-06-07 2019-06-10
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation.
1690 CVE-2018-19451 77 Exec Code 2019-06-07 2019-06-10
6.8
None Remote Medium Not required Partial Partial Partial
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution.
1691 CVE-2018-19450 77 Exec Code 2019-06-17 2019-06-18
6.8
None Remote Medium Not required Partial Partial Partial
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution.
1692 CVE-2018-19449 787 Exec Code 2019-06-17 2019-06-18
6.8
None Remote Medium Not required Partial Partial Partial
A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to gain remote code execution.
1693 CVE-2018-19448 787 Exec Code 2019-06-17 2019-06-18
6.8
None Remote Medium Not required Partial Partial Partial
In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialized object in IReader_ContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveraging this to gain remote code execution.
1694 CVE-2018-19447 119 Exec Code Overflow 2019-06-17 2019-06-18
6.8
None Remote Medium Not required Partial Partial Partial
A stack-based buffer overflow can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing the URI string. An attacker can leverage this to gain remote code execution.
1695 CVE-2018-19446 275 Exec Code 2019-06-17 2019-06-18
6.8
None Remote Medium Not required Partial Partial Partial
A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to gain remote code execution.
1696 CVE-2018-19445 77 Exec Code 2019-06-17 2019-06-18
6.8
None Remote Medium Not required Partial Partial Partial
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution.
1697 CVE-2018-19444 416 Exec Code 2019-06-17 2019-06-18
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in the TextBox field Validate action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19452, this has a different free location and requires different JavaScript code for exploitation.
1698 CVE-2018-19436 89 Sql 2018-11-22 2018-12-18
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter.
1699 CVE-2018-19435 89 Sql 2018-11-22 2018-12-18
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.
1700 CVE-2018-19434 89 Sql 2018-11-22 2018-12-18
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.