CVE List - 2018 / September
Showing 601 - 700 of 1169 CVEs for September 2018 (Page 7 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-16287 | 2018-09-14 | LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. |
| CVE-2018-16288 | 2018-09-14 | LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. |
| CVE-2018-16706 | 2018-09-14 | LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. |
| CVE-2018-17061 | 2018-09-15 | BullGuard Safe Browsing before 18.1.355.9 allows XSS on Google, Bing, and Yahoo! pages via domains indexed in search results. |
| CVE-2018-17063 | 2018-09-15 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This... |
| CVE-2018-17064 | 2018-09-15 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This... |
| CVE-2018-17065 | 2018-09-15 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow... |
| CVE-2018-17066 | 2018-09-15 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This... |
| CVE-2018-17067 | 2018-09-15 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address. |
| CVE-2018-17068 | 2018-09-15 | An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This... |
| CVE-2018-17069 | 2018-09-15 | An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay. |
| CVE-2018-17070 | 2018-09-15 | An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay. |
| CVE-2018-16554 | 2018-09-16 | The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because... |
| CVE-2018-17072 | 2018-09-16 | JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. |
| CVE-2018-17073 | 2018-09-16 | wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image. |
| CVE-2018-17074 | 2018-09-16 | The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter. |
| CVE-2018-17075 | 2018-09-16 | The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related... |
| CVE-2018-17076 | 2018-09-16 | GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file. |
| CVE-2018-17077 | 2018-09-16 | An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed. |
| CVE-2018-17082 | 2018-09-16 | The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket... |
| CVE-2018-17062 | 2018-09-16 | An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter. |
| CVE-2018-17085 | 2018-09-16 | An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr. |
| CVE-2018-17086 | 2018-09-16 | An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switch.php via these parameters: fieldName fieldName2 tabName. |
| CVE-2018-17088 | 2018-09-16 | The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because... |
| CVE-2018-17090 | 2018-09-16 | An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing <textarea> followed by <script></script> tags. |
| CVE-2018-17091 | 2018-09-16 | An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt. |
| CVE-2018-17092 | 2018-09-16 | An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The... |
| CVE-2018-17095 | 2018-09-16 | An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. |
| CVE-2018-17096 | 2018-09-16 | The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. |
| CVE-2018-17097 | 2018-09-16 | The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by... |
| CVE-2018-17098 | 2018-09-16 | The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact,... |
| CVE-2018-17100 | 2018-09-16 | An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact... |
| CVE-2018-17101 | 2018-09-16 | An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have... |
| CVE-2018-17102 | 2018-09-16 | An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI. |
| CVE-2018-17103 | 2018-09-16 | An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending... |
| CVE-2018-17104 | 2018-09-16 | An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user. |
| CVE-2018-17106 | 2018-09-16 | In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname. |
| CVE-2018-17108 | 2018-09-16 | The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application. |
| CVE-2018-17110 | 2018-09-17 | Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1. |
| CVE-2018-17113 | 2018-09-17 | App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. |
| CVE-2018-17125 | 2018-09-17 | CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. |
| CVE-2018-17126 | 2018-09-17 | CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. |
| CVE-2018-17127 | 2018-09-17 | blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter. |
| CVE-2018-17128 | 2018-09-17 | A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. |
| CVE-2018-17129 | 2018-09-17 | MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field. |
| CVE-2018-17130 | 2018-09-17 | PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, |
| CVE-2018-17131 | 2018-09-17 | admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. |
| CVE-2018-17132 | 2018-09-17 | admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. |
| CVE-2018-17133 | 2018-09-17 | admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. |
| CVE-2018-17134 | 2018-09-17 | admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. |
| CVE-2018-17136 | 2018-09-17 | zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header. |
| CVE-2018-17137 | 2018-09-17 | Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions. |
| CVE-2018-17138 | 2018-09-17 | The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field. |
| CVE-2018-17139 | 2018-09-17 | UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg... |
| CVE-2018-17140 | 2018-09-17 | The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php. |
| CVE-2018-17142 | 2018-09-17 | The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. |
| CVE-2018-17143 | 2018-09-17 | The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. |
| CVE-2017-15705 | 2018-09-17 | A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly... |
| CVE-2018-11780 | 2018-09-17 | A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. |
| CVE-2018-11781 | 2018-09-17 | Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. |
| CVE-2018-8041 | 2018-09-17 | Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. |
| CVE-2016-9045 | 2018-09-17 | A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send... |
| CVE-2018-11086 | 2018-09-17 | Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of... |
| CVE-2018-11088 | 2018-09-17 | Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of... |
| CVE-2018-1198 | 2018-09-17 | Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges... |
| CVE-2018-1223 | 2018-09-17 | Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could... |
| CVE-2017-14443 | 2018-09-17 | An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled... |
| CVE-2017-2777 | 2018-09-17 | An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted pdf file can cause an integer overflow resulting in heap overflow. An... |
| CVE-2018-14320 | 2018-09-17 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious... |
| CVE-2018-14630 | 2018-09-17 | moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text'... |
| CVE-2017-2874 | 2018-09-17 | An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow... |
| CVE-2018-14631 | 2018-09-17 | moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results... |
| CVE-2017-2854 | 2018-09-17 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who... |
| CVE-2017-2856 | 2018-09-17 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who... |
| CVE-2017-2857 | 2018-09-17 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who... |
| CVE-2017-2872 | 2018-09-17 | Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform... |
| CVE-2018-1000802 | 2018-09-18 | Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result... |
| CVE-2018-17153 | 2018-09-18 | It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an... |
| CVE-2018-16952 | 2018-09-18 | The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal... |
| CVE-2018-16953 | 2018-09-18 | The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). User input from the name parameter is unsafely reflected in... |
| CVE-2018-16954 | 2018-09-18 | An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is... |
| CVE-2018-16955 | 2018-09-18 | The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the in_hi_redirect parameter, when prefixed with the https:// scheme, is unsafely... |
| CVE-2018-16956 | 2018-09-18 | The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Pages can be renamed to include characters unsupported for... |
| CVE-2018-16957 | 2018-09-18 | The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be... |
| CVE-2018-16958 | 2018-09-18 | An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly... |
| CVE-2018-16959 | 2018-09-18 | An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the... |
| CVE-2018-14641 | 2018-09-18 | A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With... |
| CVE-2018-14642 | 2018-09-18 | An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always... |
| CVE-2018-7929 | 2018-09-18 | Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations. |
| CVE-2018-7991 | 2018-09-18 | Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data... |
| CVE-2018-11786 | 2018-09-18 | In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the... |
| CVE-2018-11787 | 2018-09-18 | In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part... |
| CVE-2018-13398 | 2018-09-18 | The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability. |
| CVE-2018-17175 | 2018-09-18 | In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that... |
| CVE-2017-15818 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could... |
| CVE-2017-15825 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access... |
| CVE-2017-15828 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists... |
| CVE-2017-15844 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized... |
| CVE-2018-11265 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in... |
| CVE-2018-11270 | 2018-09-18 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if... |