| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
501 |
CVE-2018-16343 |
94 |
|
Exec Code |
2018-09-02 |
2018-11-13 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS. |
|
502 |
CVE-2018-16342 |
79 |
|
XSS |
2018-09-02 |
2018-10-25 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
ShowDoc v1.8.0 has XSS via a new page. |
|
503 |
CVE-2018-16339 |
352 |
|
CSRF |
2018-09-02 |
2018-10-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. |
|
504 |
CVE-2018-16338 |
352 |
|
CSRF |
2018-09-02 |
2018-10-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. |
|
505 |
CVE-2018-16337 |
352 |
|
CSRF |
2018-09-02 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. |
|
506 |
CVE-2018-16336 |
125 |
|
DoS |
2018-09-02 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. |
|
507 |
CVE-2018-16335 |
787 |
|
DoS Overflow |
2018-09-02 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. |
|
508 |
CVE-2018-16334 |
78 |
|
|
2018-09-02 |
2018-10-25 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. |
|
509 |
CVE-2018-16333 |
119 |
|
Overflow |
2018-09-02 |
2018-10-25 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. |
|
510 |
CVE-2018-16332 |
352 |
|
CSRF |
2018-09-02 |
2018-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. |
|
511 |
CVE-2018-16331 |
352 |
|
CSRF |
2018-09-02 |
2018-10-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. |
|
512 |
CVE-2018-16330 |
79 |
|
XSS |
2018-09-02 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. |
|
513 |
CVE-2018-16329 |
476 |
|
|
2018-09-01 |
2018-10-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. |
|
514 |
CVE-2018-16328 |
476 |
|
|
2018-09-01 |
2018-10-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. |
|
515 |
CVE-2018-16327 |
79 |
|
XSS |
2018-09-01 |
2018-11-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. |
|
516 |
CVE-2018-16325 |
79 |
|
XSS |
2018-09-01 |
2018-11-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. |
|
517 |
CVE-2018-16324 |
79 |
|
XSS |
2018-09-01 |
2018-11-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. |
|
518 |
CVE-2018-16323 |
200 |
|
+Info |
2018-09-01 |
2021-04-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. |
|
519 |
CVE-2018-16320 |
22 |
|
Exec Code Dir. Trav. |
2018-09-01 |
2018-11-02 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. |
|
520 |
CVE-2018-16316 |
79 |
|
XSS |
2018-09-01 |
2018-11-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. |
|
521 |
CVE-2018-16315 |
352 |
|
CSRF |
2018-09-01 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. |
|
522 |
CVE-2018-16314 |
352 |
|
Bypass CSRF |
2018-09-01 |
2018-11-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. |
|
523 |
CVE-2018-16313 |
79 |
|
XSS |
2018-09-01 |
2018-11-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Bludit 2.3.4 allows XSS via a user name. |
|
524 |
CVE-2018-16310 |
400 |
|
DoS |
2018-09-06 |
2019-10-03 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
** DISPUTED ** Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions. |
|
525 |
CVE-2018-16308 |
1236 |
|
|
2018-09-01 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. |
|
526 |
CVE-2018-16307 |
200 |
|
+Info |
2018-09-05 |
2018-11-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response. |
|
527 |
CVE-2018-16303 |
611 |
|
DoS |
2018-09-01 |
2018-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. |
|
528 |
CVE-2018-16302 |
119 |
|
Overflow |
2018-09-01 |
2018-11-01 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file. |
|
529 |
CVE-2018-16299 |
22 |
|
Dir. Trav. |
2018-09-24 |
2018-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter. |
|
530 |
CVE-2018-16288 |
200 |
|
+Info |
2018-09-14 |
2018-11-07 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. |
|
531 |
CVE-2018-16287 |
434 |
|
|
2018-09-14 |
2018-11-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. |
|
532 |
CVE-2018-16286 |
287 |
|
Bypass |
2018-09-14 |
2018-11-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. |
|
533 |
CVE-2018-16285 |
79 |
|
XSS |
2018-09-06 |
2018-11-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php. |
|
534 |
CVE-2018-16283 |
22 |
|
Dir. Trav. |
2018-09-24 |
2018-11-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter. |
|
535 |
CVE-2018-16282 |
78 |
|
Exec Code |
2018-09-20 |
2018-11-05 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI. |
|
536 |
CVE-2018-16281 |
|
|
|
2018-09-21 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control. |
|
537 |
CVE-2018-16277 |
79 |
|
XSS |
2018-09-28 |
2018-11-15 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The Image Import function in XWiki through 10.7 has XSS. |
|
538 |
CVE-2018-16261 |
295 |
|
|
2018-09-06 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. |
|
539 |
CVE-2018-16252 |
611 |
|
|
2018-09-05 |
2018-12-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection. |
|
540 |
CVE-2018-16242 |
294 |
|
Bypass |
2018-09-14 |
2019-10-03 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol. |
|
541 |
CVE-2018-16225 |
319 |
|
Bypass |
2018-09-18 |
2020-08-24 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera. |
|
542 |
CVE-2018-16152 |
347 |
|
|
2018-09-26 |
2019-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568. |
|
543 |
CVE-2018-16151 |
347 |
|
|
2018-09-26 |
2019-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. |
|
544 |
CVE-2018-16148 |
79 |
|
XSS |
2018-09-05 |
2018-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting. |
|
545 |
CVE-2018-16147 |
79 |
|
XSS |
2018-09-05 |
2018-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting. |
|
546 |
CVE-2018-16146 |
78 |
|
|
2018-09-05 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account. |
|
547 |
CVE-2018-16145 |
732 |
|
|
2018-09-05 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance. |
|
548 |
CVE-2018-16144 |
78 |
|
|
2018-09-05 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter. |
|
549 |
CVE-2018-16059 |
22 |
|
Dir. Trav. |
2018-09-07 |
2019-03-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter. |
|
550 |
CVE-2018-16055 |
78 |
|
Exec Code |
2018-09-26 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP. |
