| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
201 |
CVE-2018-10102 |
79 |
|
XSS |
2018-04-16 |
2018-05-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. |
|
202 |
CVE-2018-10101 |
601 |
|
|
2018-04-16 |
2019-03-07 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. |
|
203 |
CVE-2018-10100 |
601 |
|
|
2018-04-16 |
2018-05-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. |
|
204 |
CVE-2018-10097 |
79 |
|
XSS |
2018-04-16 |
2018-05-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter. |
|
205 |
CVE-2018-10096 |
79 |
|
XSS |
2018-04-13 |
2018-05-11 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add request. |
|
206 |
CVE-2018-10087 |
20 |
|
DoS |
2018-04-13 |
2019-03-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. |
|
207 |
CVE-2018-10086 |
94 |
|
Exec Code Bypass |
2018-04-13 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions. |
|
208 |
CVE-2018-10085 |
502 |
|
Exec Code |
2018-04-13 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files. |
|
209 |
CVE-2018-10084 |
327 |
|
Bypass |
2018-04-13 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed. |
|
210 |
CVE-2018-10083 |
22 |
|
Dir. Trav. |
2018-04-13 |
2018-04-13 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter. |
|
211 |
CVE-2018-10082 |
200 |
|
+Info |
2018-04-13 |
2018-04-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php. |
|
212 |
CVE-2018-10081 |
640 |
|
|
2018-04-13 |
2018-04-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring. |
|
213 |
CVE-2018-10080 |
345 |
|
|
2018-04-13 |
2018-05-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie. |
|
214 |
CVE-2018-10079 |
269 |
|
|
2018-04-20 |
2021-03-27 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml. |
|
215 |
CVE-2018-10078 |
79 |
|
XSS |
2018-04-20 |
2021-03-27 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description. |
|
216 |
CVE-2018-10077 |
611 |
|
|
2018-04-20 |
2021-03-27 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data. |
|
217 |
CVE-2018-10074 |
476 |
|
DoS |
2018-04-12 |
2018-05-22 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval. |
|
218 |
CVE-2018-10073 |
79 |
|
XSS |
2018-04-12 |
2018-05-14 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter. |
|
219 |
CVE-2018-10072 |
20 |
|
DoS |
2018-04-12 |
2018-10-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953827bf DeviceIoControl call. |
|
220 |
CVE-2018-10071 |
20 |
|
DoS |
2018-04-12 |
2018-10-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953826DB DeviceIoControl call. |
|
221 |
CVE-2018-10070 |
400 |
|
|
2018-04-16 |
2018-05-22 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message. |
|
222 |
CVE-2018-10068 |
79 |
|
XSS |
2018-04-12 |
2018-05-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The jDownloads extension before 3.2.59 for Joomla! has XSS. |
|
223 |
CVE-2018-10066 |
295 |
|
|
2018-04-13 |
2018-05-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels). |
|
224 |
CVE-2018-10063 |
|
|
Exec Code |
2018-04-12 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file. |
|
225 |
CVE-2018-10061 |
79 |
|
XSS |
2018-04-12 |
2022-05-24 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). |
|
226 |
CVE-2018-10060 |
79 |
|
XSS |
2018-04-12 |
2022-05-24 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. |
|
227 |
CVE-2018-10059 |
79 |
|
XSS |
2018-04-12 |
2019-03-07 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. |
|
228 |
CVE-2018-10054 |
20 |
|
Exec Code |
2018-04-11 |
2019-12-14 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. |
|
229 |
CVE-2018-10052 |
79 |
|
XSS |
2018-04-11 |
2018-05-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter. |
|
230 |
CVE-2018-10051 |
79 |
|
XSS |
2018-04-11 |
2018-05-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter. |
|
231 |
CVE-2018-10050 |
89 |
|
Sql |
2018-04-11 |
2018-05-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel. |
|
232 |
CVE-2018-10049 |
79 |
|
XSS |
2018-04-11 |
2018-05-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel. |
|
233 |
CVE-2018-10048 |
352 |
|
CSRF |
2018-04-11 |
2018-05-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel. |
|
234 |
CVE-2018-10033 |
79 |
|
XSS |
2018-04-11 |
2018-04-13 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter. |
|
235 |
CVE-2018-10032 |
79 |
|
XSS |
2018-04-11 |
2018-04-13 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter. |
|
236 |
CVE-2018-10031 |
352 |
|
CSRF |
2018-04-11 |
2018-04-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php. |
|
237 |
CVE-2018-10030 |
352 |
|
CSRF |
2018-04-11 |
2018-04-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. |
|
238 |
CVE-2018-10029 |
79 |
|
XSS |
2018-04-11 |
2018-04-13 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. |
|
239 |
CVE-2018-10028 |
200 |
|
+Info |
2018-04-11 |
2018-05-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI. |
|
240 |
CVE-2018-10026 |
79 |
|
XSS |
2018-04-11 |
2018-05-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php. |
|
241 |
CVE-2018-10024 |
522 |
|
|
2018-04-11 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled). |
|
242 |
CVE-2018-10023 |
79 |
|
XSS |
2018-04-11 |
2021-10-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment). |
|
243 |
CVE-2018-10021 |
|
|
DoS |
2018-04-11 |
2019-10-03 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables. |
|
244 |
CVE-2018-10017 |
125 |
|
DoS |
2018-04-11 |
2020-10-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops. |
|
245 |
CVE-2018-10016 |
369 |
|
|
2018-04-11 |
2020-07-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. |
|
246 |
CVE-2018-10001 |
125 |
|
DoS |
2018-04-11 |
2020-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. |
|
247 |
CVE-2018-10000 |
79 |
|
XSS |
2018-04-11 |
2018-05-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Video Downloader professional extension before 2018-04-05 for Chrome has Universal XSS (UXSS) via vectors related to a link64_msgAddLinks event. |
|
248 |
CVE-2018-9999 |
79 |
|
XSS |
2018-04-18 |
2018-05-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend. |
|
249 |
CVE-2018-9996 |
674 |
|
|
2018-04-10 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. |
|
250 |
CVE-2018-9995 |
|
|
Bypass |
2018-04-10 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response. |
