CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In April 2018

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2018-10528 787 Overflow 2018-04-29 2020-10-15
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
52 CVE-2018-10527 79 XSS 2018-04-28 2018-06-05
3.5
None Remote Medium ??? None Partial None
EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI.
53 CVE-2018-10523 200 +Info 2018-04-27 2018-05-24
5.0
None Remote Low Not required Partial None None
CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php.
54 CVE-2018-10522 200 +Info 2018-04-27 2018-05-24
4.0
None Remote Low ??? Partial None None
In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function.
55 CVE-2018-10521 434 2018-04-27 2018-05-24
4.0
None Remote Low ??? None None Partial
In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory.
56 CVE-2018-10520 732 2018-04-27 2019-10-03
8.5
None Remote Low ??? None Complete Complete
In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
57 CVE-2018-10519 732 2018-04-27 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because of an incorrect fix for CVE-2018-10084.
58 CVE-2018-10518 732 2018-04-27 2019-10-03
8.5
None Remote Low ??? None Complete Complete
In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories.
59 CVE-2018-10517 94 Exec Code 2018-04-27 2019-03-15
6.5
None Remote Low ??? Partial Partial Partial
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
60 CVE-2018-10516 200 +Info 2018-04-27 2018-05-24
5.5
None Remote Low ??? Partial None Partial
In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
61 CVE-2018-10515 94 Exec Code 2018-04-27 2018-05-24
6.5
None Remote Low ??? Partial Partial Partial
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.
62 CVE-2018-10504 1236 2018-04-27 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.
63 CVE-2018-10503 352 CSRF 2018-04-27 2019-12-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.
64 CVE-2018-10472 200 +Info 2018-04-27 2018-10-31
1.9
None Local Medium Not required Partial None None
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
65 CVE-2018-10471 787 DoS 2018-04-27 2018-10-31
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
66 CVE-2018-10469 434 2018-04-27 2018-06-04
7.5
None Remote Low Not required Partial Partial Partial
b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.
67 CVE-2018-10468 20 2018-04-28 2018-06-12
5.0
None Remote Low Not required Partial None None
The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the "transferFlaw" issue.
68 CVE-2018-10431 78 Exec Code 2018-04-26 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen.
69 CVE-2018-10430 79 XSS 2018-04-26 2018-06-06
3.5
None Remote Medium ??? None Partial None
An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php.
70 CVE-2018-10429 94 Exec Code 2018-04-26 2018-06-13
7.5
None Remote Low Not required Partial Partial Partial
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php.
71 CVE-2018-10425 Bypass 2018-04-26 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because SetParent is not properly considered.
72 CVE-2018-10424 200 +Info 2018-04-26 2018-10-30
4.0
None Remote Low ??? Partial None None
mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field.
73 CVE-2018-10423 200 +Info 2018-04-26 2018-10-30
4.0
None Remote Low ??? Partial None None
mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article.
74 CVE-2018-10422 79 XSS 2018-04-26 2018-05-25
3.5
None Remote Medium ??? None Partial None
An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field.
75 CVE-2018-10393 125 2018-04-26 2021-11-30
5.0
None Remote Low Not required None None Partial
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
76 CVE-2018-10392 125 DoS Overflow 2018-04-26 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
77 CVE-2018-10391 79 XSS 2018-04-26 2018-05-24
3.5
None Remote Medium ??? None Partial None
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.
78 CVE-2018-10381 732 Exec Code 2018-04-26 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.
79 CVE-2018-10376 190 Overflow 2018-04-25 2018-06-13
5.0
None Remote Low Not required None Partial None
An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the "proxyOverflow" issue.
80 CVE-2018-10375 434 Exec Code 2018-04-25 2018-06-13
7.5
None Remote Low Not required Partial Partial Partial
A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is sent, but the filename ends in .php and contains PHP code.
81 CVE-2018-10374 79 XSS 2018-04-25 2018-05-23
4.3
None Remote Medium Not required None Partial None
EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request.
82 CVE-2018-10373 476 DoS 2018-04-25 2019-08-03
4.3
None Remote Medium Not required None None Partial
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.
83 CVE-2018-10372 125 DoS 2018-04-25 2019-08-03
4.3
None Remote Medium Not required None None Partial
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.
84 CVE-2018-10368 79 XSS 2018-04-25 2018-05-24
3.5
None Remote Medium ??? None Partial None
An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement.
85 CVE-2018-10367 79 XSS 2018-04-25 2018-05-24
3.5
None Remote Medium ??? None Partial None
An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.
86 CVE-2018-10366 79 XSS 2018-04-25 2018-05-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.
87 CVE-2018-10364 79 XSS 2018-04-30 2018-06-05
3.5
None Remote Medium ??? None Partial None
BigTree before 4.2.22 has XSS in the Users management page via the name or company field.
88 CVE-2018-10362 287 2018-04-25 2018-06-13
5.0
None Remote Low Not required Partial None None
An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to log in with a simpler password if the password has the form of a power in scientific notation (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in the loose comparison case, PHP interprets the string as a number in scientific notation, and thus converts it to a number. After that, the comparison with '==' casts the user input (e.g., the string '200' or '0') to a number, too. Hence the attacker can log in with just a '0' or a simple number he has to brute force. Strong comparison with '===' prevents the cast into numbers.
89 CVE-2018-10361 668 +Priv 2018-04-25 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.
90 CVE-2018-10329 79 XSS 2018-04-24 2018-05-25
4.3
None Remote Medium Not required None Partial None
app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter.
91 CVE-2018-10328 798 2018-04-24 2018-08-30
3.3
None Local Network Low Not required Partial None None
Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream.
92 CVE-2018-10323 476 DoS 2018-04-24 2020-09-08
4.9
None Local Low Not required None None Complete
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.
93 CVE-2018-10322 476 DoS 2018-04-24 2020-10-16
4.9
None Local Low Not required None None Complete
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.
94 CVE-2018-10321 79 XSS 2018-04-24 2018-05-16
3.5
None Remote Medium ??? None Partial None
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.
95 CVE-2018-10320 79 XSS 2018-04-24 2018-05-16
3.5
None Remote Medium ??? None Partial None
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.
96 CVE-2018-10319 79 XSS 2018-04-24 2018-05-16
3.5
None Remote Medium ??? None Partial None
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.
97 CVE-2018-10318 79 XSS 2018-04-24 2018-05-16
3.5
None Remote Medium ??? None Partial None
Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata.
98 CVE-2018-10316 190 Overflow 2018-04-24 2020-07-13
4.3
None Remote Medium Not required None None Partial
Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.
99 CVE-2018-10313 79 XSS 2018-04-24 2018-05-23
3.5
None Remote Medium ??? None Partial None
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.
100 CVE-2018-10312 352 CSRF 2018-04-24 2018-05-24
6.8
None Remote Medium Not required Partial Partial Partial
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
Total number of vulnerabilities: 1672. Page 2 of 34.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.