CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2018-18652 Exec Code 2018-10-25 2018-10-26
0.0
None ??? ??? ??? ??? ??? ???
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.
352 CVE-2018-18656 2018-10-26 2018-10-26
0.0
None ??? ??? ??? ??? ??? ???
The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file.
353 CVE-2018-18698 2018-12-24 2018-12-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot.
354 CVE-2018-18713 Dir. Trav. 2018-10-29 2018-10-29
0.0
None ??? ??? ??? ??? ??? ???
The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI.
355 CVE-2018-18731 Overflow 2018-10-29 2018-10-29
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.
356 CVE-2018-18732 Overflow 2018-10-29 2018-10-29
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.
357 CVE-2018-18748 2018-10-29 2018-11-09
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality.
358 CVE-2018-18753 2018-10-29 2018-10-29
0.0
None ??? ??? ??? ??? ??? ???
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.
359 CVE-2018-18767 2018-12-20 2018-12-20
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials.
360 CVE-2018-18843 2018-12-04 2018-12-04
0.0
None ??? ??? ??? ??? ??? ???
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.
361 CVE-2018-18865 2018-11-20 2018-11-20
0.0
None ??? ??? ??? ??? ??? ???
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.
362 CVE-2018-18871 2018-12-20 2018-12-20
0.0
None ??? ??? ??? ??? ??? ???
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password).
363 CVE-2018-18888 2018-10-31 2018-10-31
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.
364 CVE-2018-18920 Exec Code 2018-11-11 2018-11-11
0.0
None ??? ??? ??? ??? ??? ???
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid."
365 CVE-2018-18924 Exec Code 2018-11-04 2018-11-04
0.0
None ??? ??? ??? ??? ??? ???
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.
366 CVE-2018-18925 Exec Code 2018-11-04 2018-11-04
0.0
None ??? ??? ??? ??? ??? ???
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.
367 CVE-2018-18926 Exec Code 2018-11-04 2018-11-04
0.0
None ??? ??? ??? ??? ??? ???
Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron.
368 CVE-2018-18933 DoS +Info 2018-11-05 2018-11-17
0.0
None ??? ??? ??? ??? ??? ???
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!safe_vsnprintf+0x00000000002c4330" issue.
369 CVE-2018-18956 DoS 2018-11-05 2018-11-07
0.0
None ??? ??? ??? ??? ??? ???
The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018.
370 CVE-2018-18959 2018-12-24 2018-12-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longer functions until a reboot.
371 CVE-2018-18960 2018-12-24 2018-12-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack.
372 CVE-2018-18980 2018-11-05 2018-11-05
0.0
None ??? ??? ??? ??? ??? ???
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server.
373 CVE-2018-19036 Exec Code 2018-12-17 2018-12-17
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.
374 CVE-2018-19047 2018-11-07 2018-11-07
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HTML without sanitising it, you're asking for trouble."
375 CVE-2018-19052 Dir. Trav. 2018-11-07 2018-11-07
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
376 CVE-2018-19120 2018-11-29 2018-11-29
0.0
None ??? ??? ??? ??? ??? ???
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.
377 CVE-2018-19127 Exec Code 2018-11-09 2018-11-09
0.0
None ??? ??? ??? ??? ??? ???
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring.
378 CVE-2018-19135 CSRF 2018-11-10 2018-11-15
0.0
None ??? ??? ??? ??? ??? ???
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory.
379 CVE-2018-19148 2018-11-10 2018-11-10
0.0
None ??? ??? ??? ??? ??? ???
Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover the existence of and relationships among hostnames that weren't meant to be public, though this information could likely have been discovered via other methods with additional effort.
380 CVE-2018-19203 2018-11-12 2018-11-12
0.0
None ??? ??? ??? ??? ??? ???
PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request.
381 CVE-2018-19234 Exec Code 2018-12-20 2018-12-20
0.0
None ??? ??? ??? ??? ??? ???
The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation.
382 CVE-2018-19244 +Info 2018-11-13 2018-11-13
0.0
None ??? ??? ??? ??? ??? ???
An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a "Charles Settings.xml" file from an attacker, an intranet network may be accessed and information may be leaked.
383 CVE-2018-19249 Bypass 2019-01-03 2019-01-03
0.0
None ??? ??? ??? ??? ??? ???
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the actual card used in the transaction.
384 CVE-2018-19335 +Info CSRF 2018-11-20 2018-11-20
0.0
None ??? ??? ??? ??? ??? ???
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.
385 CVE-2018-19358 2018-11-18 2018-11-18
0.0
None ??? ??? ??? ??? ??? ???
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used.
386 CVE-2018-19370 Exec Code 2018-11-28 2018-11-28
0.0
None ??? ??? ??? ??? ??? ???
A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import.
387 CVE-2018-19387 DoS 2018-11-20 2018-11-20
0.0
None ??? ??? ??? ??? ??? ???
format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure.
388 CVE-2018-19417 Exec Code 2018-11-21 2018-11-21
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible.
389 CVE-2018-19505 2019-01-03 2019-01-03
0.0
None ??? ??? ??? ??? ??? ???
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call.
390 CVE-2018-19518 Exec Code 2018-11-25 2018-12-22
0.0
None ??? ??? ??? ??? ??? ???
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
391 CVE-2018-19520 Exec Code 2018-11-25 2018-11-25
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management.
392 CVE-2018-19522 2018-12-18 2018-12-18
0.0
None ??? ??? ??? ??? ??? ???
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for partial input.
393 CVE-2018-19523 2019-01-03 2019-01-03
0.0
None ??? ??? ??? ??? ??? ???
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x80002068) with a user defined buffer size. If the size of the buffer is less than 512 bytes, then the driver will overwrite the next pool header if there is one next to the user buffer's pool.
394 CVE-2018-19548 2018-11-26 2018-11-26
0.0
None ??? ??? ??? ??? ??? ???
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach.
395 CVE-2018-19587 2018-11-27 2018-11-27
0.0
None ??? ??? ??? ??? ??? ???
In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.
396 CVE-2018-19608 2018-12-05 2018-12-05
0.0
None ??? ??? ??? ??? ??? ???
Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.
397 CVE-2018-19646 Exec Code 2018-11-28 2018-11-28
0.0
None ??? ??? ??? ??? ??? ???
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.
398 CVE-2018-19653 2018-12-09 2018-12-09
0.0
None ??? ??? ??? ??? ??? ???
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
399 CVE-2018-19655 Overflow 2018-11-29 2018-11-29
0.0
None ??? ??? ??? ??? ??? ???
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
400 CVE-2018-19659 2018-12-06 2018-12-06
0.0
None ??? ??? ??? ??? ??? ???
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120.
Total number of vulnerabilities : 994   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.