CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3101 CVE-2018-19512 22 Exec Code Dir. Trav. 2019-03-21 2019-03-22
9.0
None Remote Low ??? Complete Complete Complete
In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory.
3102 CVE-2018-19442 119 Exec Code Overflow 2019-04-25 2020-01-22
10.0
None Remote Low Not required Complete Complete Complete
A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a vendors/neato/robots/[robot_serial]/messages Neato cloud URI on the nucleo.neatocloud.com web site (port 4443).
3103 CVE-2018-19418 77 Exec Code 2021-01-07 2021-01-13
9.3
None Remote Medium Not required Complete Complete Complete
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control.
3104 CVE-2018-19417 119 Exec Code Overflow 2018-11-21 2019-02-04
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible.
3105 CVE-2018-19323 2018-12-21 2020-05-19
9.0
None Remote Low Not required Partial Partial Complete
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).
3106 CVE-2018-19300 20 Exec Code 2019-04-11 2019-04-12
10.0
None Remote Low Not required Complete Complete Complete
On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well.
3107 CVE-2018-19282 400 DoS 2019-04-04 2019-04-09
10.0
None Remote Low Not required Complete Complete Complete
Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control.
3108 CVE-2018-19276 502 Exec Code 2019-03-21 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
3109 CVE-2018-19275 1188 2019-04-02 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system.
3110 CVE-2018-19239 78 Exec Code 2018-12-20 2019-01-14
9.0
None Remote Low ??? Complete Complete Complete
TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request.
3111 CVE-2018-19234 494 Exec Code 2018-12-20 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation.
3112 CVE-2018-19204 20 Exec Code 2018-11-12 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can create an executable file in the \Custom Sensors\EXE directory and execute it by creating EXE/Script Sensor.
3113 CVE-2018-19168 78 Exec Code 2018-11-11 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session.
3114 CVE-2018-19081 78 Exec Code 2018-11-07 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field.
3115 CVE-2018-19073 78 Exec Code 2018-11-07 2018-12-11
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access.
3116 CVE-2018-19070 78 Exec Code 2018-11-07 2018-12-11
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action.
3117 CVE-2018-19069 798 2018-11-07 2018-12-11
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for the root user with a password of toor.
3118 CVE-2018-19067 798 2018-11-07 2018-12-11
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded [email protected] password for the factory~ account.
3119 CVE-2018-19064 521 2018-11-07 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed.
3120 CVE-2018-19063 798 2018-11-07 2018-12-11
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password.
3121 CVE-2018-19036 119 Exec Code Overflow 2018-12-17 2019-02-22
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.
3122 CVE-2018-19025 294 Exec Code 2020-11-02 2020-11-12
10.0
None Remote Low Not required Complete Complete Complete
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.).
3123 CVE-2018-19007 78 2018-12-14 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.
3124 CVE-2018-18931 269 +Priv 2019-10-29 2019-11-05
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the Carousel.Service.exe file with a custom malicious executable. This service is independent of the associated IIS web site, which means that this service can be manipulated by an attacker without losing access to vulnerabilities in the web interface (which would potentially be used in conjunction with this attack, to control the service). Once the attacker has replaced Carousel.Service.exe, the server can be restarted using the command "shutdown -r -t 0" from a web shell, causing the system to reboot and launching the malicious Carousel.Service.exe as SYSTEM on startup. If this malicious Carousel.Service.exe is configured to launch a reverse shell back to the attacker, then upon reboot the attacker will have a fully privileged remote command-line environment to manipulate the system further.
3125 CVE-2018-18864 79 XSS 2018-11-20 2018-12-31
9.3
None Remote Medium Not required Complete Complete Complete
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.
3126 CVE-2018-18852 78 Exec Code 2019-06-18 2019-06-18
9.0
None Remote Low ??? Complete Complete Complete
Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018.
3127 CVE-2018-18850 Exec Code 2018-10-31 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).
3128 CVE-2018-18753 918 2018-10-29 2019-01-28
10.0
None Remote Low Not required Complete Complete Complete
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.
3129 CVE-2018-18748 2018-10-29 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality.
3130 CVE-2018-18729 787 Overflow +Info 2018-10-29 2019-10-03
9.0
None Remote Low Not required Partial Partial Complete
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow.
3131 CVE-2018-18652 Exec Code 2018-10-25 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.
3132 CVE-2018-18638 78 Exec Code 2018-10-24 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint.
3133 CVE-2018-18628 502 Exec Code 2018-10-23 2019-01-28
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution.
3134 CVE-2018-18600 78 2018-12-31 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter.
3135 CVE-2018-18556 2018-12-17 2020-09-21
9.0
None Remote Low ??? Complete Complete Complete
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage its improper input validation condition to spawn an attacker-controlled shell with root privileges.
3136 CVE-2018-18555 78 +Priv 2018-12-17 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and gain access to the underlying Linux shell. The user can then run arbitrary operating system commands with the privileges afforded by their account.
3137 CVE-2018-18502 119 Overflow Mem. Corr. 2019-02-05 2019-02-07
10.0
None Remote Low Not required Complete Complete Complete
Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65.
3138 CVE-2018-18473 798 Exec Code 2019-03-21 2019-09-09
10.0
None Remote Low Not required Complete Complete Complete
A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allow attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system.
3139 CVE-2018-18472 78 Exec Code 2019-06-19 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Western Digital WD My Book Live (all versions) has a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device.
3140 CVE-2018-18471 611 Exec Code 2019-06-19 2019-06-24
10.0
None Remote Low Not required Complete Complete Complete
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device.
3141 CVE-2018-18439 119 Overflow 2018-11-20 2019-01-02
10.0
None Remote Low Not required Complete Complete Complete
DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.
3142 CVE-2018-18426 94 Exec Code 2018-10-17 2018-12-03
9.0
None Remote Low ??? Complete Complete Complete
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.
3143 CVE-2018-18395 2018-10-19 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
3144 CVE-2018-18387 829 2018-10-29 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.
3145 CVE-2018-18068 668 Exec Code 2019-04-04 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug target processor B running in any privilege level, the debugging feature allows A to halt B and promote B to any privilege level. As a debug host, A has full control of B even if B owns a higher privilege level than A. Accordingly, A can read/write any EL3 memory/register via B. Also, with this memory access, A can execute arbitrary code in EL3.
3146 CVE-2018-17990 78 Exec Code 2019-04-01 2019-04-02
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter.
3147 CVE-2018-17953 2018-11-27 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
3148 CVE-2018-17932 294 2020-11-02 2020-11-12
10.0
None Remote Low Not required Complete Complete Complete
JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running.
3149 CVE-2018-17930 787 Exec Code Overflow 2018-11-28 2020-09-18
10.0
None Remote Low Not required Complete Complete Complete
A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution.
3150 CVE-2018-17916 787 Exec Code Overflow 2018-11-02 2021-04-08
10.0
None Remote Low Not required Complete Complete Complete
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.