CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1701 CVE-2018-10776 20 DoS 2018-05-07 2018-06-12
6.8
None Remote Medium Not required Partial Partial Partial
The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact.
1702 CVE-2018-10760 434 Exec Code 2018-05-16 2018-06-19
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root.
1703 CVE-2018-10738 89 Sql 2018-05-16 2018-06-15
6.5
None Remote Low Single system Partial Partial Partial
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
1704 CVE-2018-10737 89 Sql 2018-05-16 2018-06-15
6.5
None Remote Low Single system Partial Partial Partial
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
1705 CVE-2018-10736 89 Sql 2018-05-16 2018-06-15
6.5
None Remote Low Single system Partial Partial Partial
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
1706 CVE-2018-10735 89 Sql 2018-05-16 2018-06-15
6.5
None Remote Low Single system Partial Partial Partial
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
1707 CVE-2018-10728 119 Overflow 2018-05-17 2018-06-20
6.8
None Remote Medium Not required Partial Partial Partial
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).
1708 CVE-2018-10717 119 DoS Overflow 2018-05-03 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file, a different vulnerability than CVE-2018-10677.
1709 CVE-2018-10713 119 Exec Code Overflow Mem. Corr. 2018-05-03 2018-06-12
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
1710 CVE-2018-10703 119 Exec Code Overflow 2019-06-07 2019-06-10
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_serverip" is susceptible to buffer overflow. By crafting a packet that contains a string of 480 characters, it is possible for an attacker to execute the attack.
1711 CVE-2018-10702 77 Exec Code 2019-06-07 2019-06-10
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to command injection via shell metacharacters.
1712 CVE-2018-10701 119 Exec Code Overflow 2019-06-07 2019-06-11
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to buffer overflow. By crafting a packet that contains a string of 162 characters, it is possible for an attacker to execute the attack.
1713 CVE-2018-10699 77 Exec Code 2019-06-07 2019-06-11
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_privatePass" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
1714 CVE-2018-10696 352 CSRF 2019-06-07 2019-06-11
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs.
1715 CVE-2018-10695 119 Exec Code Overflow 2019-06-07 2019-06-11
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST parameters "to1,to2,to3,to4" are all susceptible to buffer overflow. By crafting a packet that contains a string of 678 characters, it is possible for an attacker to execute the attack.
1716 CVE-2018-10693 119 Exec Code Overflow 2019-06-07 2019-06-10
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to a buffer overflow. By crafting a packet that contains a string of 516 characters, it is possible for an attacker to execute the attack.
1717 CVE-2018-10677 119 DoS Overflow 2018-05-02 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file.
1718 CVE-2018-10655 119 Overflow 2018-05-10 2018-06-14
6.8
None Remote Medium Not required Partial Partial Partial
DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH).
1719 CVE-2018-10654 502 2018-05-23 2018-06-25
6.8
None Remote Medium Not required Partial Partial Partial
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
1720 CVE-2018-10650 426 2018-05-23 2018-06-25
6.8
None Remote Medium Not required Partial Partial Partial
There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
1721 CVE-2018-10642 77 Exec Code 2018-05-02 2018-06-07
6.5
None Remote Low Single system Partial Partial Partial
Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval().
1722 CVE-2018-10641 255 2018-05-03 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext.
1723 CVE-2018-10637 119 Exec Code Overflow 2018-09-13 2018-11-26
6.8
None Remote Medium Not required Partial Partial Partial
A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior.
1724 CVE-2018-10627 200 +Info 2018-07-24 2018-10-02
6.4
None Remote Low Not required Partial Partial None
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product.
1725 CVE-2018-10615 22 Dir. Trav. 2018-06-04 2018-07-27
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform.
1726 CVE-2018-10614 611 2018-10-09 2018-12-27
6.8
None Remote Medium Not required Partial Partial Partial
An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files.
1727 CVE-2018-10610 787 2018-10-09 2018-11-28
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project files.
1728 CVE-2018-10604 275 Exec Code 2018-07-24 2018-09-20
6.5
None Remote Low Single system Partial Partial Partial
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.
1729 CVE-2018-10573 284 Bypass 2018-04-30 2018-06-13
6.5
None Remote Low Single system Partial Partial Partial
interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.
1730 CVE-2018-10572 284 Bypass 2018-04-30 2018-06-13
6.5
None Remote Low Single system Partial Partial Partial
interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.
1731 CVE-2018-10549 125 2018-04-29 2018-12-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.
1732 CVE-2018-10537 119 Overflow 2018-04-29 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.
1733 CVE-2018-10536 787 2018-04-29 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.
1734 CVE-2018-10529 125 2018-04-28 2018-06-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.
1735 CVE-2018-10528 125 Overflow 2018-04-28 2018-06-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
1736 CVE-2018-10519 264 2018-04-27 2018-05-25
6.5
None Remote Low Single system Partial Partial Partial
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because of an incorrect fix for CVE-2018-10084.
1737 CVE-2018-10517 94 Exec Code 2018-04-27 2018-11-08
6.5
None Remote Low Single system Partial Partial Partial
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
1738 CVE-2018-10515 94 Exec Code 2018-04-27 2018-05-24
6.5
None Remote Low Single system Partial Partial Partial
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.
1739 CVE-2018-10511 918 2018-08-15 2018-10-23
6.4
None Remote Low Not required Partial Partial None
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.
1740 CVE-2018-10508 264 2018-06-12 2018-08-01
6.5
None Remote Low Single system Partial Partial Partial
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability.
1741 CVE-2018-10504 74 2018-04-27 2018-06-06
6.8
None Remote Medium Not required Partial Partial Partial
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.
1742 CVE-2018-10503 352 CSRF 2018-04-27 2018-06-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.
1743 CVE-2018-10496 20 Exec Code 2018-09-24 2018-11-30
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TypedArray objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5326.
1744 CVE-2018-10495 704 Exec Code 2018-05-17 2018-09-27
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5586.
1745 CVE-2018-10494 119 Exec Code Overflow 2018-05-17 2018-09-27
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D 3DView objects. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5493.
1746 CVE-2018-10491 787 Exec Code 2018-05-17 2018-09-27
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Bone Weight Modifier structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5423.
1747 CVE-2018-10490 125 Exec Code 2018-05-17 2018-09-27
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG images embedded inside U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5422.
1748 CVE-2018-10489 787 Exec Code 2018-05-17 2018-09-27
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Declaration structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5421.
1749 CVE-2018-10488 119 Exec Code Overflow 2018-05-17 2018-09-27
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Texture Width structures. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5420.
1750 CVE-2018-10484 824 Exec Code 2018-05-17 2018-09-27
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Node objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5411.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.