CVE-2018-7188 CVSS:0.0
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. (Last Update:2018-02-16) (Publish Update:2018-02-16)
CVE-2018-6461 CVSS:0.0
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory. (Last Update:2018-02-05) (Publish Update:2018-02-05)
CVE-2018-6186 CVSS:0.0
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges. (Last Update:2018-02-06) (Publish Update:2018-02-01)
CVE-2018-5189 CVSS:7.2
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability. (Last Update:2018-01-31) (Publish Update:2018-01-11)
CVE-2018-1214 CVSS:0.0
Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account also remains even after an upgrade from v1.1 to v1.2. Access to the management console can be achieved by someone with knowledge of the default password. If SupportAssist Enterprise is installed on a server running OpenManage Essentials (OME), the OmeAdapterUser user account is added as a member of the OmeAdministrators group for the OME. An unauthorized person with knowledge of the default password and access to the OME web console could potentially use this account to gain access to the affected installation of OME with OmeAdministrators privileges. This is fixed in version 1.2.1. (Last Update:2018-02-12) (Publish Update:2018-02-12)
CVE-2018-0517 CVSS:0.0
Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. (Last Update:2018-02-08) (Publish Update:2018-02-08)
CVE-2018-0516 CVSS:0.0
Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. (Last Update:2018-02-16) (Publish Update:2018-02-16)
CVE-2018-0515 CVSS:0.0
Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. (Last Update:2018-02-16) (Publish Update:2018-02-16)
CVE-2018-0507 CVSS:9.3
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. (Last Update:2018-02-13) (Publish Update:2018-01-26)
CVE-2018-0125 CVSS:0.0
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170. (Last Update:2018-02-08) (Publish Update:2018-02-08)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com