CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2018-18419 79 XSS 2018-10-19 2018-12-04
3.5
None Remote Medium Single system None Partial None
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI.
202 CVE-2018-18417 79 XSS 2018-10-19 2018-12-04
3.5
None Remote Medium Single system None Partial None
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.
203 CVE-2018-18416 79 XSS 2018-10-19 2018-12-04
3.5
None Remote Medium Single system None Partial None
LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI.
204 CVE-2018-18409 125 DoS 2018-10-17 2019-05-13
4.3
None Remote Medium Not required None None Partial
A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call.
205 CVE-2018-18408 416 DoS 2018-10-17 2019-03-29
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.
206 CVE-2018-18407 125 DoS 2018-10-17 2019-03-29
4.3
None Remote Medium Not required None None Partial
A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service.
207 CVE-2018-18398 125 2018-10-19 2018-12-21
1.9
None Local Medium Not required None None Partial
Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method.
208 CVE-2018-18396 77 Exec Code 2018-10-19 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
209 CVE-2018-18395 287 2018-10-19 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
210 CVE-2018-18394 312 2018-10-19 2019-10-02
5.0
None Remote Low Not required Partial None None
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
211 CVE-2018-18393 2018-10-19 2019-10-02
5.0
None Remote Low Not required None Partial None
Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
212 CVE-2018-18392 2018-10-19 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
213 CVE-2018-18391 2018-10-19 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
214 CVE-2018-18390 200 +Info 2018-10-19 2018-12-03
5.0
None Remote Low Not required Partial None None
User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
215 CVE-2018-18389 287 2018-10-16 2019-01-18
7.5
None Remote Low Not required Partial Partial Partial
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password.
216 CVE-2018-18387 829 2018-10-29 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.
217 CVE-2018-18386 704 2018-10-17 2019-04-23
2.1
None Local Low Not required None None Partial
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
218 CVE-2018-18385 835 DoS 2018-10-16 2019-10-02
5.0
None Remote Low Not required None None Partial
Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop.
219 CVE-2018-18384 119 Overflow 2018-10-16 2019-04-02
4.3
None Remote Medium Not required None None Partial
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
220 CVE-2018-18382 20 Exec Code 2018-10-16 2019-01-22
6.5
None Remote Low Single system Partial Partial Partial
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
221 CVE-2018-18381 79 XSS 2018-10-16 2019-09-23
3.5
None Remote Medium Single system None Partial None
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
222 CVE-2018-18380 2018-10-19 2018-10-30
0.0
None ??? ??? ??? ??? ??? ???
A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session.
223 CVE-2018-18377 862 2018-10-15 2019-10-02
5.0
None Remote Low Not required None Partial None
goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials.
224 CVE-2018-18376 200 +Info 2018-10-15 2018-12-06
5.0
None Remote Low Not required Partial None None
goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.
225 CVE-2018-18375 330 2018-10-15 2019-10-02
5.0
None Remote Low Not required Partial None None
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.
226 CVE-2018-18374 79 XSS 2018-10-15 2018-11-27
3.5
None Remote Medium Single system None Partial None
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
227 CVE-2018-18373 79 XSS 2018-10-17 2019-09-09
3.5
None Remote Medium Single system None Partial None
In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action.
228 CVE-2018-18372 79 XSS 2018-10-17 2018-12-03
4.3
None Remote Medium Not required None Partial None
A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter.
229 CVE-2018-18361 79 XSS 2018-10-15 2018-12-03
4.3
None Remote Medium Not required None Partial None
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element.
230 CVE-2018-18329 476 Exec Code 2018-10-23 2018-12-04
7.2
None Local Low Not required Complete Complete Complete
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
231 CVE-2018-18328 476 Exec Code 2018-10-23 2018-12-04
7.2
None Local Low Not required Complete Complete Complete
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
232 CVE-2018-18327 476 Exec Code 2018-10-23 2018-12-04
7.2
None Local Low Not required Complete Complete Complete
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6eDC offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
233 CVE-2018-18324 79 XSS 2018-10-15 2018-12-04
4.3
None Remote Medium Not required None Partial None
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.
234 CVE-2018-18323 22 Dir. Trav. File Inclusion 2018-10-15 2018-11-29
5.0
None Remote Low Not required Partial None None
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.
235 CVE-2018-18322 78 2018-10-15 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.
236 CVE-2018-18320 20 Exec Code 2018-10-15 2019-01-09
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution.
237 CVE-2018-18319 20 Exec Code 2018-10-15 2019-01-09
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution.
238 CVE-2018-18318 476 DoS 2018-10-15 2019-01-23
7.8
None Remote Low Not required None None Complete
The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted 0xc0d8b300 ioctl call.
239 CVE-2018-18317 352 CSRF 2018-10-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI.
240 CVE-2018-18316 352 CSRF 2018-10-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI.
241 CVE-2018-18315 434 2018-10-15 2019-01-11
5.0
None Remote Low Not required None Partial None
com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.
242 CVE-2018-18310 119 DoS Overflow 2018-10-14 2019-06-10
4.3
None Remote Medium Not required None None Partial
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.
243 CVE-2018-18309 119 DoS Overflow 2018-10-14 2019-01-11
4.3
None Remote Medium Not required None None Partial
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.
244 CVE-2018-18308 79 XSS 2018-10-16 2019-04-12
4.3
None Remote Medium Not required None Partial None
In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area).
245 CVE-2018-18307 79 XSS 2018-10-16 2018-11-21
4.3
None Remote Medium Not required None Partial None
A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field.
246 CVE-2018-18296 79 XSS 2018-10-14 2018-11-28
4.3
None Remote Medium Not required None Partial None
MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action.
247 CVE-2018-18291 79 XSS 2018-10-14 2018-12-04
4.3
None Remote Medium Not required None Partial None
A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp.
248 CVE-2018-18290 79 XSS 2018-10-14 2018-12-04
3.5
None Remote Medium Single system None Partial None
** DISPUTED ** An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality.
249 CVE-2018-18289 200 +Info 2018-10-14 2018-12-06
5.0
None Remote Low Not required Partial None None
The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows attackers to read arbitrary files.
250 CVE-2018-18287 200 +Info 2018-10-14 2019-01-23
5.0
None Remote Low Not required Partial None None
On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page.
Total number of vulnerabilities : 1473   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.