CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In September 2018

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
301 CVE-2018-16797 119 Exec Code Overflow 2018-09-10 2018-11-28
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 allows remote attackers to execute arbitrary code via a .wav file with large BytesPerSec and SamplesPerSec values, and a small Data_Chunk_Size value.
302 CVE-2018-16796 434 2018-09-13 2018-11-25
9.0
None Remote Low Single system Complete Complete Complete
HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types.
303 CVE-2018-16794 918 2018-09-18 2018-11-20
5.0
None Remote Low Not required None Partial None
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
304 CVE-2018-16793 918 2018-09-21 2018-11-20
5.0
None Remote Low Not required None Partial None
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
305 CVE-2018-16790 125 2018-09-10 2019-10-02
5.8
None Remote Medium Not required Partial None Partial
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.
306 CVE-2018-16786 79 XSS 2018-09-21 2018-11-08
4.3
None Remote Medium Not required None Partial None
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.
307 CVE-2018-16785 2018-09-19 2018-09-19
0.0
None ??? ??? ??? ??? ??? ???
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell
308 CVE-2018-16784 91 Exec Code 2018-09-21 2018-11-08
6.5
None Remote Low Single system Partial Partial Partial
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
309 CVE-2018-16782 119 Overflow 2018-09-10 2018-11-14
6.8
None Remote Medium Not required Partial Partial Partial
libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c.
310 CVE-2018-16781 20 DoS 2018-09-10 2018-10-30
4.3
None Remote Medium Not required None None Partial
ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table.
311 CVE-2018-16780 79 XSS 2018-09-10 2018-10-29
3.5
None Remote Medium Single system None Partial None
Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment.
312 CVE-2018-16779 79 XSS 2018-09-10 2018-11-13
4.3
None Remote Medium Not required None Partial None
BlogCMS through 2016-10-25 has XSS via a comment.
313 CVE-2018-16776 79 XSS 2018-09-10 2018-11-02
3.5
None Remote Medium Single system None Partial None
wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page.
314 CVE-2018-16775 79 XSS 2018-09-10 2018-11-09
3.5
None Remote Medium Single system None Partial None
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu.
315 CVE-2018-16774 22 Dir. Trav. 2018-09-10 2018-09-24
6.4
None Remote Low Not required None Partial Partial
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.
316 CVE-2018-16773 79 XSS 2018-09-10 2018-09-24
3.5
None Remote Medium Single system None Partial None
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field.
317 CVE-2018-16772 79 XSS 2018-09-10 2018-09-24
3.5
None Remote Medium Single system None Partial None
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.
318 CVE-2018-16771 94 Exec Code 2018-09-10 2018-09-24
7.5
None Remote Low Not required Partial Partial Partial
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.
319 CVE-2018-16770 20 DoS 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails.
320 CVE-2018-16769 20 DoS 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled.
321 CVE-2018-16768 119 DoS Overflow 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end.
322 CVE-2018-16767 119 DoS Overflow 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand.
323 CVE-2018-16766 20 DoS 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached.
324 CVE-2018-16765 119 DoS Overflow 2018-09-10 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_.
325 CVE-2018-16764 125 DoS 2018-09-10 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read.
326 CVE-2018-16763 20 Exec Code 2018-09-09 2019-07-19
7.5
None Remote Low Not required Partial Partial Partial
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
327 CVE-2018-16762 89 Sql 2018-09-09 2018-10-29
7.5
None Remote Low Not required Partial Partial Partial
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.
328 CVE-2018-16761 601 2018-09-09 2018-11-06
5.8
None Remote Medium Not required Partial Partial None
Eventum before 3.4.0 has an open redirect vulnerability.
329 CVE-2018-16759 79 XSS 2018-09-09 2018-11-07
4.3
None Remote Medium Not required None Partial None
The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event.
330 CVE-2018-16752 1188 Exec Code 2018-09-20 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
331 CVE-2018-16750 772 2018-09-09 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
332 CVE-2018-16749 617 DoS 2018-09-09 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
333 CVE-2018-16745 119 Overflow 2018-09-13 2018-11-01
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.
334 CVE-2018-16744 78 2018-09-13 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.
335 CVE-2018-16743 119 Overflow 2018-09-13 2018-11-01
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.
336 CVE-2018-16742 119 Overflow 2018-09-13 2018-11-01
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.
337 CVE-2018-16741 78 2018-09-13 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.
338 CVE-2018-16736 79 XSS 2018-09-09 2018-11-06
3.5
None Remote Medium Single system None Partial None
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).
339 CVE-2018-16733 20 2018-09-08 2018-11-07
5.0
None Remote Low Not required None Partial None
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
340 CVE-2018-16732 352 CSRF 2018-09-08 2018-10-19
6.8
None Remote Medium Not required Partial Partial Partial
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
341 CVE-2018-16731 434 2018-09-08 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
342 CVE-2018-16730 79 XSS 2018-09-08 2018-10-19
4.3
None Remote Medium Not required None Partial None
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
343 CVE-2018-16729 79 XSS 2018-09-12 2018-11-09
3.5
None Remote Medium Single system None Partial None
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.
344 CVE-2018-16728 79 XSS 2018-09-12 2018-11-02
3.5
None Remote Medium Single system None Partial None
feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new.
345 CVE-2018-16727 79 XSS 2018-09-12 2018-11-02
3.5
None Remote Medium Single system None Partial None
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.
346 CVE-2018-16726 79 XSS 2018-09-12 2018-11-02
3.5
None Remote Medium Single system None Partial None
razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component.
347 CVE-2018-16725 79 XSS 2018-09-08 2018-10-26
4.3
None Remote Medium Not required None Partial None
An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component."
348 CVE-2018-16724 89 Sql 2018-09-08 2018-10-26
7.5
None Remote Low Not required Partial Partial Partial
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.
349 CVE-2018-16715 732 2018-09-08 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior.
350 CVE-2018-16713 119 Overflow 2018-09-26 2018-12-27
6.8
None Remote Low Single system Complete None None
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver's subroutine will execute a rdmsr instruction with the user's buffer for input, and provide output from the instruction.
Total number of vulnerabilities: 1171. Page 7 of 24.