CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2018-17131 94 Exec Code 2018-09-17 2018-11-01
6.5
None Remote Low Single system Partial Partial Partial
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field.
402 CVE-2018-17125 22 Dir. Trav. 2018-09-17 2018-11-19
6.4
None Remote Low Not required None Partial Partial
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
403 CVE-2018-17106 119 Overflow 2018-09-16 2018-11-28
6.4
None Remote Low Not required None Partial Partial
In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname.
404 CVE-2018-17104 352 CSRF 2018-09-16 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
405 CVE-2018-17103 352 CSRF 2018-09-16 2018-11-28
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter.
406 CVE-2018-17102 352 CSRF 2018-09-16 2018-11-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI.
407 CVE-2018-17101 787 DoS 2018-09-16 2018-12-01
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
408 CVE-2018-17100 190 DoS Overflow 2018-09-16 2018-11-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
409 CVE-2018-17098 119 DoS Overflow 2018-09-16 2018-11-08
6.8
None Remote Medium Not required Partial Partial Partial
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch.
410 CVE-2018-17097 415 DoS 2018-09-16 2018-11-08
6.8
None Remote Medium Not required Partial Partial Partial
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.
411 CVE-2018-17094 476 2018-09-16 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in mackyle xar 1.6.1. There is a NULL pointer dereference in xar_unserialize in lib/archive.c.
412 CVE-2018-17093 476 2018-09-16 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been discovered in mackyle xar 1.6.1. There is a NULL pointer dereference in xar_get_path in lib/util.c.
413 CVE-2018-17088 190 Overflow 2018-09-16 2018-11-05
6.8
None Remote Medium Not required Partial Partial Partial
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.
414 CVE-2018-17076 119 Overflow 2018-09-15 2018-11-08
6.8
None Remote Medium Not required Partial Partial Partial
GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file.
415 CVE-2018-17045 352 CSRF 2018-09-14 2018-11-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update.
416 CVE-2018-17043 119 Overflow 2018-09-14 2018-11-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parse_doc in parse_doc.cpp.
417 CVE-2018-17037 264 2018-09-14 2018-11-02
6.5
None Remote Low Single system Partial Partial Partial
user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3.
418 CVE-2018-17030 94 Exec Code 2018-09-13 2018-11-07
6.0
None Remote Medium Single system Partial Partial Partial
BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php.
419 CVE-2018-17023 352 CSRF 2018-09-13 2018-11-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.
420 CVE-2018-16981 119 Overflow 2018-09-12 2018-11-02
6.8
None Remote Medium Not required Partial Partial Partial
stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.
421 CVE-2018-16952 352 CSRF 2018-09-17 2018-12-07
6.8
None Remote Medium Not required Partial Partial Partial
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal user's password). NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.
422 CVE-2018-16951 352 Exec Code CSRF 2018-09-11 2018-11-02
6.0
None Remote Medium Single system Partial Partial Partial
xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832.
423 CVE-2018-16854 352 CSRF 2018-11-26 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in moodle before versions 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15. The login form is not protected by a token to prevent login cross-site request forgery.
424 CVE-2018-16842 125 DoS 2018-10-31 2018-12-07
6.4
None Remote Low Not required Partial None Partial
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
425 CVE-2018-16802 264 Exec Code 2018-09-10 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.
426 CVE-2018-16797 119 Exec Code Overflow 2018-09-10 2018-11-28
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 allows remote attackers to execute arbitrary code via a .wav file with large BytesPerSec and SamplesPerSec values, and a small Data_Chunk_Size value.
427 CVE-2018-16792 611 2018-12-05 2018-12-31
6.4
None Remote Low Not required Partial Partial None
SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.
428 CVE-2018-16784 91 Exec Code 2018-09-21 2018-11-08
6.5
None Remote Low Single system Partial Partial Partial
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
429 CVE-2018-16782 119 Overflow 2018-09-10 2018-11-14
6.8
None Remote Medium Not required Partial Partial Partial
libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c.
430 CVE-2018-16774 22 Dir. Trav. 2018-09-10 2018-09-24
6.4
None Remote Low Not required None Partial Partial
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.
431 CVE-2018-16770 20 DoS 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails.
432 CVE-2018-16769 20 DoS 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled.
433 CVE-2018-16768 119 DoS Overflow 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end.
434 CVE-2018-16767 119 DoS Overflow 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand.
435 CVE-2018-16766 20 DoS 2018-09-10 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached.
436 CVE-2018-16765 119 DoS Overflow 2018-09-10 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_.
437 CVE-2018-16764 119 DoS Overflow 2018-09-10 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read.
438 CVE-2018-16732 352 CSRF 2018-09-08 2018-10-19
6.8
None Remote Medium Not required Partial Partial Partial
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
439 CVE-2018-16715 275 2018-09-08 2018-11-07
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior.
440 CVE-2018-16713 119 Overflow 2018-09-26 2018-12-27
6.8
None Remote Low Single system Complete None None
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver's subroutine will execute a rdmsr instruction with the user's buffer for input, and provide output from the instruction.
441 CVE-2018-16712 200 +Info 2018-09-26 2018-12-27
6.8
None Remote Low Single system Complete None None
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory.
442 CVE-2018-16711 119 Overflow 2018-09-26 2018-12-11
6.5
None Remote Low Single system Partial Partial Partial
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for input.
443 CVE-2018-16710 200 DoS +Info 2018-09-07 2018-11-14
6.4
None Remote Low Not required Partial None Partial
** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough."
444 CVE-2018-16650 352 CSRF 2018-09-07 2018-11-02
6.8
None Remote Medium Not required Partial Partial Partial
phpMyFAQ before 2.9.11 allows CSRF.
445 CVE-2018-16634 352 CSRF 2018-12-04 2018-12-27
6.8
None Remote Medium Not required Partial Partial Partial
Pluck v4.7.7 allows CSRF via admin.php?action=settings.
446 CVE-2018-16604 94 Exec Code 2018-09-06 2018-11-14
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}").
447 CVE-2018-16601 191 DoS Exec Code 2018-12-06 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution.
448 CVE-2018-16585 119 Overflow Mem. Corr. 2018-09-06 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
449 CVE-2018-16554 20 2018-09-15 2018-11-05
6.8
None Remote Medium Not required Partial Partial Partial
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.
450 CVE-2018-16552 352 CSRF 2018-09-05 2018-10-25
6.8
None Remote Medium Not required Partial Partial Partial
MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.