CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1901 CVE-2018-7809 640 2018-11-30 2018-12-28
6.4
None Remote Low Not required None Partial Partial
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.
1902 CVE-2018-7807 22 Dir. Trav. 2018-11-30 2018-12-28
6.5
None Remote Low Single system Partial Partial Partial
Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.
1903 CVE-2018-7806 22 Dir. Trav. 2018-11-30 2018-12-28
6.5
None Remote Low Single system Partial Partial Partial
Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.
1904 CVE-2018-7802 89 Sql 2018-12-24 2019-01-08
6.5
None Remote Low Single system Partial Partial Partial
A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges.
1905 CVE-2018-7798 345 2018-11-02 2018-12-13
6.4
None Remote Low Not required None Partial Partial
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.
1906 CVE-2018-7796 119 Overflow 2018-12-24 2019-01-11
6.8
None Remote Medium Not required Partial Partial Partial
A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability.
1907 CVE-2018-7777 20 2018-07-03 2018-08-28
6.5
None Remote Low Single system Partial Partial Partial
The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.
1908 CVE-2018-7774 89 Sql 2018-07-03 2018-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter.
1909 CVE-2018-7773 89 Sql 2018-07-03 2018-08-23
6.8
None Remote Medium Not required Partial Partial Partial
The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter.
1910 CVE-2018-7772 89 Sql 2018-07-03 2018-08-28
6.8
None Remote Medium Not required Partial Partial Partial
The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request.
1911 CVE-2018-7771 22 Dir. Trav. 2018-07-03 2018-08-28
6.0
None Remote Medium Single system Partial Partial Partial
The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree.
1912 CVE-2018-7769 89 Sql 2018-07-03 2018-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.
1913 CVE-2018-7768 89 Sql 2018-07-03 2018-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter.
1914 CVE-2018-7767 89 Sql 2018-07-03 2018-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter.
1915 CVE-2018-7766 89 Sql 2018-07-03 2018-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.
1916 CVE-2018-7765 89 Sql 2018-07-03 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter.
1917 CVE-2018-7752 119 Overflow 2018-03-07 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.
1918 CVE-2018-7748 94 Exec Code 2018-08-03 2018-10-05
6.5
None Remote Low Single system Partial Partial Partial
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.
1919 CVE-2018-7735 89 Sql 2018-03-06 2018-03-26
6.5
None Remote Low Single system Partial Partial Partial
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes request.
1920 CVE-2018-7734 89 Sql 2018-03-06 2018-03-26
6.5
None Remote Low Single system Partial Partial Partial
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request.
1921 CVE-2018-7733 352 CSRF 2018-03-06 2018-03-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/add_post.html.
1922 CVE-2018-7720 352 CSRF 2018-03-07 2018-03-28
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation.
1923 CVE-2018-7711 347 2018-03-05 2018-03-29
6.8
None Remote Medium Not required Partial Partial Partial
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value.
1924 CVE-2018-7702 306 2018-03-14 2018-04-06
6.4
None Remote Low Not required Partial Partial None
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
1925 CVE-2018-7700 352 Exec Code CSRF 2018-03-27 2018-04-19
6.8
None Remote Medium Not required Partial Partial Partial
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.
1926 CVE-2018-7677 352 CSRF 2018-03-14 2018-03-29
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
1927 CVE-2018-7643 190 DoS Overflow 2018-03-02 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.
1928 CVE-2018-7641 119 Overflow 2018-03-02 2018-03-14
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32.
1929 CVE-2018-7640 119 Overflow 2018-03-02 2018-03-14
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.
1930 CVE-2018-7639 119 Overflow 2018-03-02 2018-03-14
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16.
1931 CVE-2018-7638 119 Overflow 2018-03-02 2018-03-14
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8.
1932 CVE-2018-7637 119 Overflow 2018-03-02 2018-03-14
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4.
1933 CVE-2018-7634 352 CSRF 2018-03-01 2018-03-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover.
1934 CVE-2018-7590 352 CSRF 2018-03-01 2018-03-16
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.
1935 CVE-2018-7589 415 2018-03-01 2018-03-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.
1936 CVE-2018-7588 119 Overflow 2018-03-01 2018-03-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
1937 CVE-2018-7587 119 Overflow 2018-03-01 2018-03-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
1938 CVE-2018-7579 89 Sql 2018-03-01 2018-03-22
6.5
None Remote Low Single system Partial Partial Partial
\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html.
1939 CVE-2018-7565 352 CSRF 2018-03-07 2018-03-26
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists on Polycom QDX 6000 devices.
1940 CVE-2018-7562 434 Exec Code 2018-03-12 2018-04-11
6.0
None Remote Medium Single system Partial Partial Partial
A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php.
1941 CVE-2018-7556 200 +Info 2018-02-28 2018-03-23
6.4
None Remote Low Not required Partial Partial None
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.
1942 CVE-2018-7544 134 DoS Exec Code +Info 2018-03-16 2018-04-10
6.4
None Remote Low Not required Partial None Partial
** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning.
1943 CVE-2018-7541 264 DoS +Priv 2018-02-27 2018-11-13
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
1944 CVE-2018-7528 89 Sql 2018-03-22 2018-04-18
6.4
None Remote Low Not required Partial Partial None
An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data.
1945 CVE-2018-7527 119 Overflow 2018-04-26 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.
1946 CVE-2018-7524 352 CSRF 2018-03-22 2018-04-18
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system.
1947 CVE-2018-7511 20 Exec Code Overflow 2018-03-20 2018-04-18
6.8
None Remote Medium Not required Partial Partial Partial
In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code.
1948 CVE-2018-7509 787 Exec Code Mem. Corr. 2018-05-04 2018-06-06
6.8
None Remote Medium Not required Partial Partial Partial
WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution.
1949 CVE-2018-7507 119 Exec Code Overflow 2018-05-04 2018-06-06
6.8
None Remote Medium Not required Partial Partial Partial
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
1950 CVE-2018-7495 22 Dir. Trav. 2018-05-15 2018-06-18
6.4
None Remote Low Not required None Partial Partial
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.