The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2018-11517 | mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. | MEDIUM | May 28, 2018 |
CVE-2018-11516 | The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. | MEDIUM | May 28, 2018 |
CVE-2018-11515 | The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter. | MEDIUM | May 28, 2018 |
CVE-2018-11514 | PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. | MEDIUM | May 28, 2018 |
CVE-2018-11512 | Stored cross-site scripting (XSS) vulnerability in the Website's name field found in the Settings page under the General menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general. | LOW | May 28, 2018 |
CVE-2018-11511 | The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the \'album_id\' or \'scope\' parameter via a photo-gallery/api/album/tree_lists/ URI. | HIGH | Aug 17, 2018 |
CVE-2018-11510 | The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the \'script\' parameter. | MEDIUM | Jun 28, 2018 |
CVE-2018-11509 | ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell. | HIGH | Aug 17, 2018 |
CVE-2018-11508 | The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. | LOW | May 28, 2018 |
CVE-2018-11507 | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp. | MEDIUM | May 28, 2018 |
CVE-2018-11506 | The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. | HIGH | May 28, 2018 |
CVE-2018-11505 | The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. | MEDIUM | May 26, 2018 |
CVE-2018-11504 | The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. | MEDIUM | May 26, 2018 |
CVE-2018-11503 | The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. | MEDIUM | May 26, 2018 |
CVE-2018-11502 | An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF. | MEDIUM | Aug 24, 2018 |
CVE-2018-11501 | PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. | MEDIUM | May 26, 2018 |
CVE-2018-11500 | An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list that can add an admin account. | MEDIUM | May 26, 2018 |
CVE-2018-11499 | A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact. | HIGH | May 26, 2018 |
CVE-2018-11498 | In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution. | MEDIUM | May 26, 2018 |
CVE-2018-11496 | In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. | MEDIUM | May 26, 2018 |
CVE-2018-11495 | OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in adminmodelcatalogdownload.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php. | MEDIUM | May 26, 2018 |
CVE-2018-11494 | The program extension upload feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code']. | MEDIUM | May 26, 2018 |
CVE-2018-11493 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add. | MEDIUM | May 26, 2018 |
CVE-2018-11492 | ASUS HG100 devices allow denial of service via an IPv4 packet flood. | HIGH | Aug 10, 2018 |
CVE-2018-11491 | ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution. | HIGH | Jul 25, 2018 |
CVE-2018-11490 | The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain Private->RunningCode - 2 array index is not checked. This will lead to a denial of service or possibly unspecified other impact. | MEDIUM | May 26, 2018 |
CVE-2018-11489 | The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact. | MEDIUM | May 26, 2018 |
CVE-2018-11488 | A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request. | MEDIUM | May 29, 2018 |
CVE-2018-11487 | PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php. | MEDIUM | May 26, 2018 |
CVE-2018-11486 | An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page. | MEDIUM | Jun 1, 2018 |
CVE-2018-11485 | The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the referral_site cookie to have an XSS payload, and placing an order. | MEDIUM | Jun 1, 2018 |
CVE-2018-11482 | /usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. | HIGH | May 30, 2018 |
CVE-2018-11481 | TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters. | MEDIUM | May 30, 2018 |
CVE-2018-11479 | The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.pipeWindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe. | HIGH | May 25, 2018 |
CVE-2018-11478 | An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network. | MEDIUM | May 30, 2018 |
CVE-2018-11477 | An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this vulnerability with the lack of wireless network protection exposes all transferred car data to the public. | LOW | May 30, 2018 |
CVE-2018-11476 | An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication. | MEDIUM | May 30, 2018 |
CVE-2018-11475 | Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser. | MEDIUM | May 25, 2018 |
CVE-2018-11474 | Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser. | MEDIUM | May 25, 2018 |
CVE-2018-11473 | Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration). | MEDIUM | May 25, 2018 |
CVE-2018-11472 | Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php). | MEDIUM | May 25, 2018 |
CVE-2018-11471 | Cockpit 0.5.5 has XSS via a collection, form, or region. | LOW | May 25, 2018 |
CVE-2018-11470 | iScripts eSwap v2.4 has SQL injection via the search.php 'Told' parameter in the User Panel. | MEDIUM | May 25, 2018 |
CVE-2018-11469 | Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. | MEDIUM | May 25, 2018 |
CVE-2018-11468 | The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. | MEDIUM | May 25, 2018 |
CVE-2018-11466 | A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). Specially crafted network packets sent to port 102/tcp (ISO-TSAP) could allow a remote attacker to either cause a Denial-of-Service condition of the integrated software firewall or allow to execute code in the context of the software firewall. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 102/tcp. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known | HIGH | Dec 14, 2018 |
CVE-2018-11465 | A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could use ioctl calls to do out of bounds reads, arbitrary writes, or execute code in kernel mode. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. | HIGH | Dec 14, 2018 |
CVE-2018-11464 | A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known. | MEDIUM | Dec 14, 2018 |
CVE-2018-11463 | A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A buffer overflow in the service command application could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. | MEDIUM | Dec 14, 2018 |
CVE-2018-11462 | A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). By sending a specially crafted authentication request to the affected systems a remote attacker could escalate his privileges to an elevated user account but not to root. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. | HIGH | Dec 14, 2018 |