CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2018-17143 20 2018-09-17 2019-03-28
5.0
None Remote Low Not required None None Partial
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
152 CVE-2018-17142 20 2018-09-17 2019-03-28
5.0
None Remote Low Not required None None Partial
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.
153 CVE-2018-17141 20 Exec Code 2018-09-21 2018-11-15
7.5
None Remote Low Not required Partial Partial Partial
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.
154 CVE-2018-17140 79 XSS 2018-09-17 2018-11-09
3.5
None Remote Medium Single system None Partial None
The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php.
155 CVE-2018-17139 434 Exec Code 2018-09-17 2018-11-29
6.5
None Remote Low Single system Partial Partial Partial
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.
156 CVE-2018-17138 79 XSS 2018-09-17 2018-11-08
3.5
None Remote Medium Single system None Partial None
The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field.
157 CVE-2018-17137 Bypass 2018-09-17 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions.
158 CVE-2018-17136 89 Sql 2018-09-17 2018-11-01
7.5
None Remote Low Not required Partial Partial Partial
zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header.
159 CVE-2018-17134 94 Exec Code 2018-09-17 2018-11-01
6.5
None Remote Low Single system Partial Partial Partial
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.
160 CVE-2018-17133 94 Exec Code 2018-09-17 2018-11-01
6.5
None Remote Low Single system Partial Partial Partial
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.
161 CVE-2018-17132 94 Exec Code 2018-09-17 2018-11-01
6.5
None Remote Low Single system Partial Partial Partial
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.
162 CVE-2018-17131 94 Exec Code 2018-09-17 2018-11-01
6.5
None Remote Low Single system Partial Partial Partial
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field.
163 CVE-2018-17130 79 XSS 2018-09-17 2018-11-01
3.5
None Remote Medium Single system None Partial None
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,
164 CVE-2018-17129 89 Sql 2018-09-17 2018-11-09
4.0
None Remote Low Single system Partial None None
MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.
165 CVE-2018-17128 79 XSS 2018-09-17 2018-11-07
3.5
None Remote Medium Single system None Partial None
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
166 CVE-2018-17127 476 DoS 2018-09-17 2019-01-18
7.8
None Remote Low Not required None None Complete
blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter.
167 CVE-2018-17126 94 Exec Code 2018-09-17 2018-11-19
7.5
None Remote Low Not required Partial Partial Partial
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
168 CVE-2018-17125 22 Dir. Trav. 2018-09-17 2018-11-19
6.4
None Remote Low Not required None Partial Partial
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
169 CVE-2018-17113 79 XSS 2018-09-17 2018-11-09
4.3
None Remote Medium Not required None Partial None
App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173.
170 CVE-2018-17111 2018-09-18 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect.
171 CVE-2018-17110 89 Sql 2018-09-17 2018-11-09
7.5
None Remote Low Not required Partial Partial Partial
Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1.
172 CVE-2018-17108 417 2018-09-16 2018-12-07
4.3
None Remote Medium Not required Partial None None
The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application.
173 CVE-2018-17107 2018-09-24 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password.
174 CVE-2018-17106 119 Overflow 2018-09-16 2018-11-28
6.4
None Remote Low Not required None Partial Partial
In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname.
175 CVE-2018-17104 352 CSRF 2018-09-16 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
176 CVE-2018-17103 352 CSRF 2018-09-16 2018-11-28
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter.
177 CVE-2018-17102 352 CSRF 2018-09-16 2018-11-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI.
178 CVE-2018-17101 787 DoS 2018-09-16 2019-01-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
179 CVE-2018-17100 190 DoS Overflow 2018-09-16 2019-01-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
180 CVE-2018-17098 119 DoS Overflow 2018-09-16 2018-11-08
6.8
None Remote Medium Not required Partial Partial Partial
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch.
181 CVE-2018-17097 415 DoS 2018-09-16 2018-11-08
6.8
None Remote Medium Not required Partial Partial Partial
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.
182 CVE-2018-17096 617 DoS 2018-09-16 2019-10-02
4.3
None Remote Medium Not required None None Partial
The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.
183 CVE-2018-17095 119 Overflow 2018-09-16 2019-01-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
184 CVE-2018-17094 476 2018-09-16 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in mackyle xar 1.6.1. There is a NULL pointer dereference in xar_unserialize in lib/archive.c.
185 CVE-2018-17093 476 2018-09-16 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in mackyle xar 1.6.1. There is a NULL pointer dereference in xar_get_path in lib/util.c.
186 CVE-2018-17092 89 Sql +Info 2018-09-16 2019-10-02
5.5
None Remote Low Single system Partial Partial None
An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The vulnerability can only be triggered by an authorized user.
187 CVE-2018-17091 200 +Info 2018-09-16 2018-11-01
5.5
None Remote Low Single system Partial Partial None
An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt.
188 CVE-2018-17090 79 XSS 2018-09-16 2018-11-01
3.5
None Remote Medium Single system None Partial None
An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing <textarea> followed by <script></script> tags.
189 CVE-2018-17088 190 Overflow 2018-09-16 2018-11-05
6.8
None Remote Medium Not required Partial Partial Partial
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.
190 CVE-2018-17086 79 XSS 2018-09-16 2018-11-07
4.3
None Remote Medium Not required None Partial None
An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switch.php via these parameters: fieldName fieldName2 tabName.
191 CVE-2018-17085 79 XSS 2018-09-16 2018-11-07
4.3
None Remote Medium Not required None Partial None
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr.
192 CVE-2018-17082 79 XSS 2018-09-16 2019-08-19
4.3
None Remote Medium Not required None Partial None
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.
193 CVE-2018-17081 352 CSRF 2018-09-26 2018-11-26
4.3
None Remote Medium Not required None Partial None
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
194 CVE-2018-17077 79 XSS Bypass 2018-09-15 2018-11-09
4.3
None Remote Medium Not required None Partial None
An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed.
195 CVE-2018-17076 119 Overflow 2018-09-15 2018-11-08
6.8
None Remote Medium Not required Partial Partial Partial
GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file.
196 CVE-2018-17075 20 2018-09-15 2019-03-28
5.0
None Remote Low Not required None None Partial
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit.
197 CVE-2018-17074 601 2018-09-15 2018-11-23
5.8
None Remote Medium Not required Partial Partial None
The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter.
198 CVE-2018-17073 476 2018-09-15 2018-11-21
5.0
None Remote Low Not required None None Partial
wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image.
199 CVE-2018-17072 125 2018-09-15 2018-11-30
7.5
None Remote Low Not required Partial Partial Partial
JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y.
200 CVE-2018-17071 338 2018-09-18 2018-12-10
5.0
None Remote Low Not required Partial None None
The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers can purchase a ticket at a low price by directly calling the fallback function with small msg.value, because the developer set the currency unit incorrectly. Therefore, it allows attackers to always win and get rewards.
Total number of vulnerabilities : 1171   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.