CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3101 CVE-2018-7769 89 Sql 2018-07-03 2018-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.
3102 CVE-2018-7768 89 Sql 2018-07-03 2018-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter.
3103 CVE-2018-7767 89 Sql 2018-07-03 2018-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter.
3104 CVE-2018-7766 89 Sql 2018-07-03 2018-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.
3105 CVE-2018-7765 89 Sql 2018-07-03 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter.
3106 CVE-2018-7752 119 Overflow 2018-03-07 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.
3107 CVE-2018-7748 94 Exec Code 2018-08-03 2018-10-05
6.5
None Remote Low Single system Partial Partial Partial
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.
3108 CVE-2018-7735 89 Sql 2018-03-06 2018-03-26
6.5
None Remote Low Single system Partial Partial Partial
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes request.
3109 CVE-2018-7734 89 Sql 2018-03-06 2018-03-26
6.5
None Remote Low Single system Partial Partial Partial
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request.
3110 CVE-2018-7733 352 CSRF 2018-03-06 2018-03-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/add_post.html.
3111 CVE-2018-7720 352 CSRF 2018-03-07 2018-03-28
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery (CSRF) vulnerability exists in Western Bridge Cobub Razor 0.7.2 via /index.php?/user/createNewUser/, resulting in account creation.
3112 CVE-2018-7711 347 2018-03-05 2018-03-29
6.8
None Remote Medium Not required Partial Partial Partial
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value.
3113 CVE-2018-7702 862 2018-03-14 2019-10-02
6.4
None Remote Low Not required Partial Partial None
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
3114 CVE-2018-7700 352 Exec Code CSRF 2018-03-27 2018-04-19
6.8
None Remote Medium Not required Partial Partial Partial
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.
3115 CVE-2018-7677 352 CSRF 2018-03-14 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
3116 CVE-2018-7643 190 DoS Overflow 2018-03-02 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.
3117 CVE-2018-7641 125 2018-03-02 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32.
3118 CVE-2018-7640 125 2018-03-02 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.
3119 CVE-2018-7639 125 2018-03-02 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16.
3120 CVE-2018-7638 125 2018-03-02 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8.
3121 CVE-2018-7637 125 2018-03-02 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4.
3122 CVE-2018-7634 352 CSRF 2018-03-01 2018-03-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover.
3123 CVE-2018-7590 352 CSRF 2018-03-01 2018-03-16
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.
3124 CVE-2018-7589 415 2018-03-01 2019-06-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.
3125 CVE-2018-7588 125 2018-03-01 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
3126 CVE-2018-7587 119 Overflow 2018-03-01 2019-06-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
3127 CVE-2018-7579 89 Sql 2018-03-01 2018-03-22
6.5
None Remote Low Single system Partial Partial Partial
\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html.
3128 CVE-2018-7565 352 CSRF 2018-03-07 2018-03-26
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists on Polycom QDX 6000 devices.
3129 CVE-2018-7562 434 Exec Code 2018-03-12 2018-04-11
6.0
None Remote Medium Single system Partial Partial Partial
A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php.
3130 CVE-2018-7556 200 +Info 2018-02-28 2018-03-23
6.4
None Remote Low Not required Partial Partial None
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.
3131 CVE-2018-7544 134 DoS Exec Code +Info 2018-03-16 2018-04-10
6.4
None Remote Low Not required Partial None Partial
** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning.
3132 CVE-2018-7541 DoS +Priv 2018-02-27 2019-10-02
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
3133 CVE-2018-7528 89 Sql 2018-03-22 2019-10-09
6.4
None Remote Low Not required Partial Partial None
An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data.
3134 CVE-2018-7527 119 Overflow 2018-04-26 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.
3135 CVE-2018-7524 352 CSRF 2018-03-22 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system.
3136 CVE-2018-7511 119 Exec Code Overflow 2018-03-20 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code.
3137 CVE-2018-7509 787 Exec Code Mem. Corr. 2018-05-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution.
3138 CVE-2018-7507 119 Exec Code Overflow 2018-05-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
3139 CVE-2018-7495 22 Dir. Trav. 2018-05-15 2019-10-09
6.4
None Remote Low Not required None Partial Partial
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
3140 CVE-2018-7494 119 Exec Code Overflow 2018-05-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
3141 CVE-2018-7487 119 DoS Overflow 2018-02-26 2018-04-07
6.8
None Remote Medium Not required Partial Partial Partial
There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A Crafted input will lead to a denial of service or possibly unspecified other impact.
3142 CVE-2018-7486 22 Exec Code Dir. Trav. 2018-02-26 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude("../pathname/executable.jpeg")[/m] approach, where executable.jpeg contains ColdFusion Markup Language code. This can be exploited in conjunction with a CKFinder feature that allows file upload.
3143 CVE-2018-7466 94 2018-02-25 2018-03-29
6.0
None Remote Medium Single system Partial Partial Partial
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
3144 CVE-2018-7442 22 Dir. Trav. 2018-02-23 2018-03-17
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.
3145 CVE-2018-7439 119 Overflow 2018-02-23 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.
3146 CVE-2018-7438 125 2018-02-23 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.
3147 CVE-2018-7437 119 Overflow 2018-02-23 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function.
3148 CVE-2018-7436 119 Overflow 2018-02-23 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.
3149 CVE-2018-7435 119 Overflow 2018-02-23 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.
3150 CVE-2018-7407 704 Exec Code 2018-05-24 2018-06-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when rendering U3D images inside of pdf files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.