CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2401 CVE-2018-14029 352 CSRF 2018-07-12 2018-09-06
6.8
None Remote Medium Not required Partial Partial Partial
CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field.
2402 CVE-2018-14028 434 Exec Code 2018-08-10 2018-10-10
6.5
None Remote Low Single system Partial Partial Partial
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins.
2403 CVE-2018-14014 352 CSRF 2018-07-12 2018-09-06
6.8
None Remote Medium Not required Partial Partial Partial
In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd.
2404 CVE-2018-13993 352 CSRF 2019-05-07 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.
2405 CVE-2018-13909 362 2019-06-14 2019-06-17
6.9
None Local Medium Not required Complete Complete Complete
Metadata verification and partial hash system calls by bootloader may corrupt parallel hashing state in progress resulting in unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
2406 CVE-2018-13906 20 2019-06-14 2019-06-18
6.4
None Remote Low Not required Partial Partial None
The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130
2407 CVE-2018-13875 125 2018-07-10 2018-09-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c.
2408 CVE-2018-13833 119 DoS Overflow 2018-07-10 2018-09-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in cmft through 2017-09-24. The cmft::rwReadFile function in image.cpp allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact.
2409 CVE-2018-13826 611 2018-08-30 2018-10-31
6.4
None Remote Low Not required Partial Partial None
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
2410 CVE-2018-13814 20 2018-12-13 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
2411 CVE-2018-13808 200 +Info 2019-04-17 2019-07-11
6.4
None Remote Low Not required Partial None Partial
A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known.
2412 CVE-2018-13799 2018-09-12 2019-10-09
6.4
None Remote Low Not required None Partial Partial
A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known.
2413 CVE-2018-13793 352 CSRF 2018-07-09 2018-09-07
6.8
None Remote Medium Not required Partial Partial Partial
Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login.
2414 CVE-2018-13790 918 2018-07-09 2018-09-07
6.5
None Remote Low Single system Partial Partial Partial
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page.
2415 CVE-2018-13784 2018-07-09 2019-10-02
6.4
None Remote Low Not required Partial Partial None
PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
2416 CVE-2018-13445 352 CSRF 2018-07-08 2018-08-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add.
2417 CVE-2018-13444 352 CSRF 2018-07-08 2018-08-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2.
2418 CVE-2018-13443 119 Overflow 2019-04-24 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted wast file.
2419 CVE-2018-13442 89 Sql 2019-07-16 2019-07-18
6.5
None Remote Low Single system Partial Partial Partial
SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.
2420 CVE-2018-13400 269 2018-10-23 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.
2421 CVE-2018-13386 74 Exec Code 2018-07-24 2018-09-20
6.8
None Remote Medium Not required Partial Partial Partial
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for Windows before version 2.6.9 are affected by this vulnerability.
2422 CVE-2018-13359 352 XSS 2018-11-27 2018-12-20
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.
2423 CVE-2018-13340 352 CSRF 2018-07-05 2018-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request.
2424 CVE-2018-13321 732 2018-11-26 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter.
2425 CVE-2018-13320 78 Exec Code 2018-11-26 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters.
2426 CVE-2018-13318 78 Exec Code 2018-11-26 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter.
2427 CVE-2018-13302 129 DoS 2018-07-05 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.
2428 CVE-2018-13298 Exec Code 2019-04-01 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
2429 CVE-2018-13282 384 2018-10-31 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
2430 CVE-2018-13139 119 DoS Overflow 2018-07-04 2019-06-10
6.8
None Remote Medium Not required Partial Partial Partial
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.
2431 CVE-2018-13102 426 2018-07-03 2018-09-11
6.8
None Remote Medium Not required Partial Partial Partial
AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability.
2432 CVE-2018-13067 352 CSRF 2018-07-02 2018-09-04
6.8
None Remote Medium Not required Partial Partial Partial
/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password.
2433 CVE-2018-13056 20 2018-07-02 2018-09-04
6.4
None Remote Low Not required None Partial Partial
An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock.
2434 CVE-2018-13049 89 Sql 2018-07-02 2018-08-30
6.5
None Remote Low Single system Partial Partial Partial
The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.
2435 CVE-2018-13040 352 CSRF 2018-07-01 2018-08-21
6.8
None Remote Medium Not required Partial Partial Partial
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI.
2436 CVE-2018-13037 119 DoS Overflow 2018-07-01 2018-08-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in jpeg-compressor 0.1. The bmp_load function in stb_image.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact.
2437 CVE-2018-13032 352 CSRF 2018-07-01 2018-08-31
6.8
None Remote Medium Not required Partial Partial Partial
ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI.
2438 CVE-2018-13031 352 CSRF 2018-07-05 2018-08-27
6.8
None Remote Medium Not required Partial Partial Partial
DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.
2439 CVE-2018-13030 119 DoS Overflow 2018-06-30 2018-08-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in jpeg-compressor 0.1. The build_huffman function in stb_image.c allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact.
2440 CVE-2018-13024 434 Exec Code 2018-06-29 2018-08-24
6.5
None Remote Low Single system Partial Partial Partial
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.
2441 CVE-2018-13012 494 Exec Code 2018-06-29 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update server.
2442 CVE-2018-13010 352 CSRF 2018-06-29 2018-08-24
6.8
None Remote Medium Not required Partial Partial Partial
WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account.
2443 CVE-2018-12999 20 2018-06-29 2018-08-20
6.4
None Remote Low Not required None Partial Partial
Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI.
2444 CVE-2018-12995 94 Exec Code 2018-06-29 2018-08-20
6.5
None Remote Low Single system Partial Partial Partial
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen.
2445 CVE-2018-12994 94 Exec Code 2018-06-29 2018-08-20
6.5
None Remote Low Single system Partial Partial Partial
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen.
2446 CVE-2018-12983 125 2018-06-29 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.
2447 CVE-2018-12980 434 2018-07-12 2018-09-07
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.
2448 CVE-2018-12977 89 Sql 2018-07-09 2018-09-05
6.5
None Remote Low Single system Partial Partial Partial
A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" section.
2449 CVE-2018-12940 434 Exec Code 2018-07-31 2018-10-01
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system commands to the web root of the application.
2450 CVE-2018-12912 89 Sql 2018-06-27 2018-08-20
6.5
None Remote Low Single system Partial Partial Partial
An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.