CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2018-20145 Bypass 2018-12-13 2018-12-13
0.0
None ??? ??? ??? ??? ??? ???
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.
202 CVE-2018-20131 2019-01-02 2019-01-07
0.0
None ??? ??? ??? ??? ??? ???
The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would not have access to.
203 CVE-2018-20129 Exec Code 2018-12-13 2018-12-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the filename=1.jpg.p*hp value.
204 CVE-2018-20100 2019-01-02 2019-01-02
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app.
205 CVE-2018-20071 2019-01-09 2019-01-09
0.0
None ??? ??? ??? ??? ??? ???
Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page.
206 CVE-2018-20058 2018-12-11 2018-12-11
0.0
None ??? ??? ??? ??? ??? ???
In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634.
207 CVE-2018-20050 DoS 2018-12-10 2018-12-10
0.0
None ??? ??? ??? ??? ??? ???
Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method.
208 CVE-2018-19991 Bypass 2018-12-09 2018-12-09
0.0
None ??? ??? ??? ??? ??? ???
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.
209 CVE-2018-19983 2018-12-09 2018-12-09
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending divided "Nonce Get (0x98 0x81)" frames. The reason for dividing the "Nonce Get" frame is that, in security version S0, when a node receives a "Nonce Get" frame, the node produces a random new nonce and sends it to the Src node of the received "Nonce Get" frame. After the nonce value is generated and transmitted, the node transitions to wait mode. At this time, when "Nonce Get" is received again, the node discards the previous nonce value and generates a random nonce again. Therefore, because the frame is encrypted with previous nonce value, the received normal frame cannot be decrypted.
210 CVE-2018-19982 2018-12-09 2018-12-09
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HUB, and can use IP Changer to change destination IP addresses (of all packets whose destination IP address is Server) to a proxy-server IP address. This allows sniffing of cleartext between Server and Controller. The cleartext command data is transmitted to Controller using the proxy server's fake certificate, and it is able to control each Node of the HUB. Also, by operating HUB in Z-Wave Pairing Mode, it is possible to obtain the Z-Wave network key.
211 CVE-2018-19960 +Info 2018-12-07 2018-12-07
0.0
None ??? ??? ??? ??? ??? ???
The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.
212 CVE-2018-19922 XSS 2018-12-06 2018-12-06
0.0
None ??? ??? ??? ??? ??? ???
Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request.
213 CVE-2018-19911 Exec Code CSRF 2018-12-06 2018-12-06
0.0
None ??? ??? ??? ??? ??? ???
FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used.
214 CVE-2018-19908 Exec Code 2018-12-06 2018-12-06
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.
215 CVE-2018-19876 2018-12-05 2018-12-05
0.0
None ??? ??? ??? ??? ??? ???
cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.
216 CVE-2018-19863 2018-12-22 2018-12-22
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually entered into Safari.
217 CVE-2018-19854 2018-12-04 2018-12-04
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).
218 CVE-2018-19853 2018-12-04 2018-12-04
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is supposed to have only privileges for commodity management) can add an administrator account.
219 CVE-2018-19836 XSS Bypass 2018-12-03 2018-12-03
0.0
None ??? ??? ??? ??? ??? ???
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter.
220 CVE-2018-19829 CSRF 2018-12-18 2018-12-20
0.0
None ??? ??? ??? ??? ??? ???
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
221 CVE-2018-19795 2018-12-03 2018-12-03
0.0
None ??? ??? ??? ??? ??? ???
ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device.
222 CVE-2018-19793 Exec Code 2018-12-03 2018-12-03
0.0
None ??? ??? ??? ??? ??? ???
jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data.
223 CVE-2018-19792 DoS Overflow 2018-12-03 2018-12-03
0.0
None ??? ??? ??? ??? ??? ???
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function.
224 CVE-2018-19791 2018-12-03 2018-12-03
0.0
None ??? ??? ??? ??? ??? ???
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.
225 CVE-2018-19788 Exec Code 2018-12-03 2019-01-17
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
226 CVE-2018-19720 Exec Code 2019-01-18 2019-01-19
0.0
None ??? ??? ??? ??? ??? ???
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
227 CVE-2018-19660 2018-12-06 2018-12-06
0.0
None ??? ??? ??? ??? ??? ???
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user.
228 CVE-2018-19659 2018-12-06 2018-12-06
0.0
None ??? ??? ??? ??? ??? ???
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120.
229 CVE-2018-19655 Overflow 2018-11-29 2018-11-29
0.0
None ??? ??? ??? ??? ??? ???
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
230 CVE-2018-19654 2018-11-29 2018-11-29
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists.
231 CVE-2018-19653 2018-12-09 2018-12-09
0.0
None ??? ??? ??? ??? ??? ???
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
232 CVE-2018-19646 Exec Code 2018-11-28 2018-11-28
0.0
None ??? ??? ??? ??? ??? ???
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.
233 CVE-2018-19635 2019-01-22 2019-01-24
0.0
None ??? ??? ??? ??? ??? ???
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.
234 CVE-2018-19634 2019-01-22 2019-01-24
0.0
None ??? ??? ??? ??? ??? ???
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.
235 CVE-2018-19616 2018-12-26 2018-12-26
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element.
236 CVE-2018-19615 XSS 2018-12-26 2018-12-26
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. /Security/Security.shtm has stored XSS via a /Security/cgi-bin/security URI.
237 CVE-2018-19608 2018-12-05 2018-12-05
0.0
None ??? ??? ??? ??? ??? ???
Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.
238 CVE-2018-19587 2018-11-27 2018-11-27
0.0
None ??? ??? ??? ??? ??? ???
In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.
239 CVE-2018-19550 2018-11-26 2018-11-26
0.0
None ??? ??? ??? ??? ??? ???
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI.
240 CVE-2018-19548 2018-11-26 2018-11-26
0.0
None ??? ??? ??? ??? ??? ???
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach.
241 CVE-2018-19523 2019-01-03 2019-01-03
0.0
None ??? ??? ??? ??? ??? ???
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x80002068) with a user defined buffer size. If the size of the buffer is less than 512 bytes, then the driver will overwrite the next pool header if there is one next to the user buffer's pool.
242 CVE-2018-19522 2018-12-18 2018-12-18
0.0
None ??? ??? ??? ??? ??? ???
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for partial input.
243 CVE-2018-19520 Exec Code 2018-11-25 2018-11-25
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management.
244 CVE-2018-19518 Exec Code 2018-11-25 2018-12-22
0.0
None ??? ??? ??? ??? ??? ???
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
245 CVE-2018-19505 2019-01-03 2019-01-03
0.0
None ??? ??? ??? ??? ??? ???
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call.
246 CVE-2018-19417 Exec Code 2018-11-21 2018-11-21
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible.
247 CVE-2018-19411 2018-11-21 2018-11-21
0.0
None ??? ??? ??? ??? ??? ???
PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights.
248 CVE-2018-19410 File Inclusion 2018-11-21 2018-11-21
0.0
None ??? ??? ??? ??? ??? ???
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).
249 CVE-2018-19387 DoS 2018-11-20 2018-11-20
0.0
None ??? ??? ??? ??? ??? ???
format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure.
250 CVE-2018-19370 Exec Code 2018-11-28 2018-11-28
0.0
None ??? ??? ??? ??? ??? ???
A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import.
Total number of vulnerabilities : 986   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.