CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-2767 94 Exec Code 2018-08-26 2019-09-24
10.0
None Remote Low Not required Complete Complete Complete
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
2 CVE-2017-11563 119 Exec Code Overflow 2018-08-24 2018-11-02
10.0
None Remote Low Not required Complete Complete Complete
D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device.
3 CVE-2017-12574 798 2018-08-24 2018-11-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted.
4 CVE-2017-12577 798 Exec Code 2018-08-24 2018-11-05
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.
5 CVE-2018-1722 Exec Code 2018-08-24 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.
6 CVE-2018-3779 Exec Code 2018-08-10 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system.
7 CVE-2018-3785 78 Exec Code 2018-08-17 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter.
8 CVE-2018-3786 78 Exec Code 2018-08-24 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument.
9 CVE-2018-6692 787 Overflow Bypass 2018-08-21 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.
10 CVE-2018-7058 287 +Priv Bypass 2018-08-06 2018-10-18
10.0
None Remote Low Not required Complete Complete Complete
Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.
11 CVE-2018-8273 787 Exec Code Overflow 2018-08-15 2021-09-13
10.0
None Remote Low Not required Complete Complete Complete
A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This affects Microsoft SQL Server.
12 CVE-2018-8302 787 Exec Code Mem. Corr. 2018-08-15 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
13 CVE-2018-10369 79 XSS 2018-08-15 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login.
14 CVE-2018-10630 287 2018-08-10 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.
15 CVE-2018-14007 22 Dir. Trav. 2018-08-15 2018-10-23
10.0
None Remote Low Not required Complete Complete Complete
Citrix XenServer 7.1 and newer allows Directory Traversal.
16 CVE-2018-14078 287 2018-08-20 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username with password "admin" after a successful attack).
17 CVE-2018-14417 78 Exec Code 2018-08-04 2018-10-02
10.0
None Remote Low Not required Complete Complete Complete
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.
18 CVE-2018-14933 78 Exec Code 2018-08-04 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
19 CVE-2018-14943 798 2018-08-05 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account.
20 CVE-2018-15123 2018-08-13 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home.
21 CVE-2018-15124 326 2018-08-13 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device.
22 CVE-2018-15137 434 Exec Code 2018-08-08 2018-10-23
10.0
None Remote Low Not required Complete Complete Complete
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method.
23 CVE-2018-15350 1188 2018-08-17 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router.
24 CVE-2018-15353 119 Exec Code Overflow 2018-08-17 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118.
25 CVE-2018-15477 78 2018-08-30 2018-11-09
10.0
None Remote Low Not required Complete Complete Complete
myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device.
26 CVE-2018-15808 798 Exec Code 2018-08-23 2018-10-26
10.0
None Remote Low Not required Complete Complete Complete
POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients.
27 CVE-2018-16158 798 2018-08-30 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
28 CVE-2016-7048 284 Exec Code 2018-08-20 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
29 CVE-2017-9001 Exec Code 2018-08-06 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable.
30 CVE-2017-15399 416 2018-08-28 2018-11-07
9.3
None Remote Medium Not required Complete Complete Complete
A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
31 CVE-2018-5925 119 Exec Code Overflow 2018-08-13 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.
32 CVE-2018-8344 94 Exec Code 2018-08-15 2018-09-07
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
33 CVE-2018-8346 94 Exec Code 2018-08-15 2018-10-18
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345.
34 CVE-2018-8349 502 Exec Code 2018-08-15 2018-09-10
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
35 CVE-2018-8350 Exec Code 2018-08-15 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
36 CVE-2018-8375 Exec Code 2018-08-15 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379.
37 CVE-2018-8376 Exec Code 2018-08-15 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft PowerPoint.
38 CVE-2018-8379 Exec Code 2018-08-15 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from CVE-2018-8375.
39 CVE-2018-8397 Exec Code 2018-08-15 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka "GDI+ Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
40 CVE-2018-8414 20 Exec Code 2018-08-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
41 CVE-2018-10636 787 Exec Code Overflow +Priv 2018-08-13 2020-08-31
9.3
None Remote Medium Not required Complete Complete Complete
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited.
42 CVE-2018-10897 22 Dir. Trav. 2018-08-01 2021-09-09
9.3
None Remote Medium Not required Complete Complete Complete
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
43 CVE-2018-11776 20 Exec Code 2018-08-22 2020-07-15
9.3
None Remote Medium Not required Complete Complete Complete
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
44 CVE-2018-14722 Exec Code 2018-08-15 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, though).
45 CVE-2018-14923 20 Exec Code 2018-08-03 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback.
46 CVE-2018-15476 295 2018-08-30 2018-11-09
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The SSL/TLS server certificate in the device to cloud communication was not verified by the device. As a result, an attacker in control of the network traffic of a device could have taken control of a device by intercepting and modifying commands issued from the server to the device in a Man-in-the-Middle attack. This included the ability to inject firmware update commands into the communication and cause the device to install maliciously modified firmware.
47 CVE-2018-15573 434 2018-08-20 2021-12-21
9.3
None Remote Medium Not required Complete Complete Complete
** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated "We do not consider this a vulnerability."
48 CVE-2017-11564 787 Exec Code 2018-08-24 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack.
49 CVE-2017-12573 Exec Code 2018-08-24 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.
50 CVE-2017-12576 668 Exec Code 2018-08-24 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.
Total number of vulnerabilities : 1019   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.