The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2018-18890 | MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename. | MEDIUM | Oct 31, 2018 |
CVE-2018-18888 | An issue was discovered in laravelCMS through 2018-04-02. \\app\\Http\\Controllers\\Backend\\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed. | HIGH | Oct 31, 2018 |
CVE-2018-18887 | S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). | HIGH | Oct 31, 2018 |
CVE-2018-18886 | Helpy v2.1.0 has Stored XSS via the Ticket title. | -- | Jun 18, 2019 |
CVE-2018-18883 | An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted. | HIGH | Nov 6, 2018 |
CVE-2018-18882 | A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. | LOW | Mar 27, 2019 |
CVE-2018-18881 | A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state. | MEDIUM | Mar 27, 2019 |
CVE-2018-18880 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script. | -- | Jun 18, 2019 |
CVE-2018-18879 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. | -- | Jun 18, 2019 |
CVE-2018-18878 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. | -- | Jun 18, 2019 |
CVE-2018-18877 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device. | -- | Jun 18, 2019 |
CVE-2018-18876 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system. | -- | Jun 18, 2019 |
CVE-2018-18875 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php. | -- | Jun 18, 2019 |
CVE-2018-18874 | nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the Upload File or Image feature, with a .php filename and Content-Type: application/octet-stream to the index.php?action=file_manager_upload URI. | HIGH | Oct 31, 2018 |
CVE-2018-18873 | An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. | MEDIUM | Oct 31, 2018 |
CVE-2018-18872 | The Kieran O\'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI. | LOW | May 13, 2019 |
CVE-2018-18871 | Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password). | MEDIUM | Dec 20, 2018 |
CVE-2018-18869 | EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter. | HIGH | Oct 31, 2018 |
CVE-2018-18868 | No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. | MEDIUM | Oct 31, 2018 |
CVE-2018-18867 | An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. | MEDIUM | Oct 31, 2018 |
CVE-2018-18865 | The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure. | MEDIUM | Nov 20, 2018 |
CVE-2018-18864 | Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. | HIGH | Nov 20, 2018 |
CVE-2018-18863 | NGA ResourceLink 20.0.2.1 allows local file inclusion. | MEDIUM | Jun 19, 2019 |
CVE-2018-18862 | BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. | MEDIUM | Mar 27, 2019 |
CVE-2018-18861 | Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. | HIGH | Nov 20, 2018 |
CVE-2018-18860 | A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root. | HIGH | Nov 30, 2018 |
CVE-2018-18859 | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the value of the tun_path or tap_path pathname in a kextload() call. | HIGH | Nov 20, 2018 |
CVE-2018-18858 | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the tun_path or tap_path pathname within a shell command. | HIGH | Nov 20, 2018 |
CVE-2018-18857 | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the command_line parameter as a shell command. | HIGH | Nov 20, 2018 |
CVE-2018-18856 | Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the openvpncmd parameter as a shell command. | HIGH | Nov 20, 2018 |
CVE-2018-18854 | Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code). | MEDIUM | Oct 31, 2018 |
CVE-2018-18853 | Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits. | MEDIUM | Oct 31, 2018 |
CVE-2018-18852 | Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature\'s use of Save.cgi to execute a ping command, as exploited in the wild in October 2018. | -- | Jun 18, 2019 |
CVE-2018-18850 | In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM). | HIGH | Oct 30, 2018 |
CVE-2018-18849 | In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. | LOW | Nov 11, 2018 |
CVE-2018-18845 | internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued. | MEDIUM | Mar 28, 2019 |
CVE-2018-18843 | The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. | HIGH | Dec 4, 2018 |
CVE-2018-18842 | CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code. | MEDIUM | Oct 30, 2018 |
CVE-2018-18841 | XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter. | LOW | Oct 30, 2018 |
CVE-2018-18840 | XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter. | LOW | Oct 30, 2018 |
CVE-2018-18839 | An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says is intentional. | MEDIUM | Jun 18, 2019 |
CVE-2018-18838 | An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry. | Medium | Jun 18, 2019 |
CVE-2018-18837 | An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c. | Medium | Jun 19, 2019 |
CVE-2018-18836 | An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c. | Medium | Jun 18, 2019 |
CVE-2018-18835 | upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. | HIGH | Oct 30, 2018 |
CVE-2018-18834 | An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. | HIGH | Oct 30, 2018 |
CVE-2018-18832 | admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp. | HIGH | Oct 30, 2018 |
CVE-2018-18831 | An issue was discovered in com\\mingsoft\\cms\\action\\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter. | MEDIUM | Oct 30, 2018 |
CVE-2018-18830 | An issue was discovered in com\\mingsoft\\basic\\action\\web\\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code. | HIGH | Oct 30, 2018 |
CVE-2018-18829 | There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file. | MEDIUM | Oct 30, 2018 |