CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000004 DoS 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.
2 CVE-2018-5958 DoS 2018-01-21 2018-01-21
0.0
None ??? ??? ??? ??? ??? ???
In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402424.
3 CVE-2018-5957 DoS 2018-01-21 2018-01-21
0.0
None ??? ??? ??? ??? ??? ???
In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40242C.
4 CVE-2018-5956 DoS 2018-01-21 2018-01-21
0.0
None ??? ??? ??? ??? ??? ???
In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402414.
5 CVE-2018-5955 2018-01-21 2018-01-21
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.
6 CVE-2018-5786 DoS 2018-01-19 2018-01-19
0.0
None ??? ??? ??? ??? ??? ???
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
7 CVE-2018-5785 DoS Overflow 2018-01-19 2018-01-19
0.0
None ??? ??? ??? ??? ??? ???
In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
8 CVE-2018-5784 DoS 2018-01-19 2018-01-19
0.0
None ??? ??? ??? ??? ??? ???
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.
9 CVE-2018-5783 DoS 2018-01-19 2018-01-19
0.0
None ??? ??? ??? ??? ??? ???
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
10 CVE-2018-5776 XSS 2018-01-18 2018-01-18
0.0
None ??? ??? ??? ??? ??? ???
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).
11 CVE-2018-5773 XSS 2018-01-18 2018-01-18
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag.
12 CVE-2018-5772 DoS 2018-01-18 2018-01-18
0.0
None ??? ??? ??? ??? ??? ???
In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.
13 CVE-2018-5766 DoS 2018-01-18 2018-01-18
0.0
None ??? ??? ??? ??? ??? ???
In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file.
14 CVE-2018-5764 Bypass 2018-01-17 2018-01-17
0.0
None ??? ??? ??? ??? ??? ???
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
15 CVE-2018-5747 DoS 2018-01-17 2018-01-17
0.0
None ??? ??? ??? ??? ??? ???
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
16 CVE-2018-5728 +Info 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details.
17 CVE-2018-5727 DoS Overflow 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
18 CVE-2018-5726 +Info 2018-01-16 2018-01-19
0.0
None ??? ??? ??? ??? ??? ???
MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings.
19 CVE-2018-5725 2018-01-16 2018-01-19
0.0
None ??? ??? ??? ??? ??? ???
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server.
20 CVE-2018-5724 2018-01-16 2018-01-19
0.0
None ??? ??? ??? ??? ??? ???
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.
21 CVE-2018-5723 2018-01-16 2018-01-19
0.0
None ??? ??? ??? ??? ??? ???
MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.
22 CVE-2018-5721 Exec Code Overflow 2018-01-17 2018-01-17
0.0
None ??? ??? ??? ??? ??? ???
Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a "_wan_if" substring.
23 CVE-2018-5715 XSS 2018-01-16 2018-01-19
0.0
None ??? ??? ??? ??? ??? ???
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
24 CVE-2018-5714 DoS 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002054.
25 CVE-2018-5713 DoS 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010.
26 CVE-2018-5712 XSS 2018-01-16 2018-01-20
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
27 CVE-2018-5711 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
28 CVE-2018-5710 DoS 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.
29 CVE-2018-5709 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
30 CVE-2018-5706 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.
31 CVE-2018-5704 Exec Code XSS 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.
32 CVE-2018-5703 DoS 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.
33 CVE-2018-5702 Exec Code 2018-01-15 2018-01-17
0.0
None ??? ??? ??? ??? ??? ???
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
34 CVE-2018-5700 Exec Code Dir. Trav. 2018-01-14 2018-01-14
0.0
None ??? ??? ??? ??? ??? ???
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder.
35 CVE-2018-5698 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string.
36 CVE-2018-5697 Sql 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php.
37 CVE-2018-5696 Sql 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php.
38 CVE-2018-5695 Sql 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php.
39 CVE-2018-5694 Exec Code 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter.
40 CVE-2018-5693 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
The LinuxMagic MagicSpam extension 2.0.13 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.
41 CVE-2018-5692 XSS 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.
42 CVE-2018-5691 XSS 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.
43 CVE-2018-5690 XSS 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
44 CVE-2018-5689 XSS 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.
45 CVE-2018-5688 XSS 2018-01-14 2018-01-17
0.0
None ??? ??? ??? ??? ??? ???
ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
46 CVE-2018-5687 XSS 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php.
47 CVE-2018-5686 DoS 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
48 CVE-2018-5685 DoS 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.
49 CVE-2018-5684 DoS 2018-01-13 2018-01-14
0.0
None ??? ??? ??? ??? ??? ???
In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file.
50 CVE-2018-5682 2018-01-13 2018-01-14
0.0
None ??? ??? ??? ??? ??? ???
PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message.
Total number of vulnerabilities : 806   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.