CVE-2018-5704 CVSS:0.0
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site. (Last Update:2018-01-16) (Publish Update:2018-01-16)
CVE-2018-5702 CVSS:0.0
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack. (Last Update:2018-01-15) (Publish Update:2018-01-15)
CVE-2018-5700 CVSS:0.0
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder. (Last Update:2018-01-14) (Publish Update:2018-01-14)
CVE-2018-5694 CVSS:0.0
The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter. (Last Update:2018-01-13) (Publish Update:2018-01-13)
CVE-2018-5479 CVSS:0.0
FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine, via the search parameter to the default URI. Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). When an attacker sends users an infected URL, code will be executed. (Last Update:2018-01-15) (Publish Update:2018-01-15)
CVE-2018-5371 CVSS:0.0
diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request. (Last Update:2018-01-12) (Publish Update:2018-01-12)
CVE-2018-5345 CVSS:0.0
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. (Last Update:2018-01-11) (Publish Update:2018-01-11)
CVE-2018-5299 CVSS:0.0
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution. (Last Update:2018-01-16) (Publish Update:2018-01-16)
CVE-2018-5262 CVSS:0.0
A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account. (Last Update:2018-01-13) (Publish Update:2018-01-12)
CVE-2018-5221 CVSS:0.0
Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText property. (Last Update:2018-01-09) (Publish Update:2018-01-09)
