CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2018-9993 79 XSS 2018-04-10 2018-05-16
3.5
None Remote Medium ??? None Partial None
YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page).
252 CVE-2018-9992 79 XSS 2018-04-11 2018-05-11
3.5
None Remote Medium ??? None Partial None
Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen.
253 CVE-2018-9991 79 XSS 2018-04-11 2018-05-11
3.5
None Remote Medium ??? None Partial None
Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter.
254 CVE-2018-9990 79 XSS 2018-04-18 2018-05-21
4.3
None Remote Medium Not required None Partial None
In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead.
255 CVE-2018-9989 125 2018-04-10 2021-11-30
5.0
None Remote Low Not required None None Partial
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
256 CVE-2018-9988 125 2018-04-10 2021-11-30
5.0
None Remote Low Not required None None Partial
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.
257 CVE-2018-9987 79 XSS 2018-04-18 2018-05-21
4.3
None Remote Medium Not required None Partial None
In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications.
258 CVE-2018-9986 79 XSS 2018-04-18 2018-05-17
4.3
None Remote Medium Not required None Partial None
In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor.
259 CVE-2018-9985 79 XSS 2018-04-10 2018-05-15
4.3
None Remote Medium Not required None Partial None
The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator.
260 CVE-2018-9934 2018-04-10 2019-10-03
4.3
None Remote Medium Not required Partial None None
The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control.
261 CVE-2018-9928 79 XSS 2018-04-10 2018-05-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter.
262 CVE-2018-9927 352 CSRF 2018-04-10 2019-02-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add.
263 CVE-2018-9926 352 CSRF 2018-04-10 2019-02-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.
264 CVE-2018-9925 79 XSS 2018-04-10 2018-04-17
3.5
None Remote Medium ??? None Partial None
An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request.
265 CVE-2018-9924 89 Sql 2018-04-10 2018-04-17
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request.
266 CVE-2018-9923 352 CSRF 2018-04-10 2018-04-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request.
267 CVE-2018-9922 200 +Info 2018-04-10 2018-04-17
5.0
None Remote Low Not required Partial None None
An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname.
268 CVE-2018-9921 22 Dir. Trav. 2018-04-23 2018-05-25
5.0
None Remote Low Not required Partial None None
In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request.
269 CVE-2018-9918 674 DoS 2018-04-10 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
270 CVE-2018-9864 79 XSS 2018-04-09 2018-05-15
4.3
None Remote Medium Not required None Partial None
The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field.
271 CVE-2018-9862 838 2018-04-09 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697.
272 CVE-2018-9861 79 XSS 2018-04-19 2019-07-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element.
273 CVE-2018-9860 193 DoS +Info 2018-04-12 2019-10-03
5.0
None Remote Low Not required None None Partial
An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs.
274 CVE-2018-9857 79 XSS 2018-04-09 2018-05-09
4.3
None Remote Medium Not required None Partial None
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen).
275 CVE-2018-9856 352 CSRF 2018-04-09 2018-05-15
6.8
None Remote Medium Not required Partial Partial Partial
Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.
276 CVE-2018-9852 200 +Info 2018-04-08 2020-01-30
5.0
None Remote Low Not required Partial None None
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23.
277 CVE-2018-9851 22 Dir. Trav. 2018-04-08 2018-05-17
5.0
None Remote Low Not required Partial None None
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence.
278 CVE-2018-9850 22 Dir. Trav. 2018-04-08 2018-05-14
6.4
None Remote Low Not required None Partial Partial
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.
279 CVE-2018-9848 94 Exec Code 2018-04-07 2018-05-14
7.5
None Remote Low Not required Partial Partial Partial
In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an Admin-Upload-Upload request.
280 CVE-2018-9847 94 Exec Code 2018-04-07 2018-05-14
7.5
None Remote Low Not required Partial Partial Partial
In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.
281 CVE-2018-9846 20 2018-04-07 2018-05-24
6.8
None Remote Medium Not required Partial Partial Partial
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.
282 CVE-2018-9845 178 2018-04-29 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Etherpad Lite before 1.6.4 is exploitable for admin access.
283 CVE-2018-9844 79 XSS 2018-04-07 2018-05-11
4.3
None Remote Medium Not required None Partial None
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.
284 CVE-2018-9843 502 Exec Code 2018-04-12 2019-02-27
7.5
None Remote Low Not required Partial Partial Partial
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.
285 CVE-2018-9842 200 +Info 2018-04-12 2019-02-27
5.0
None Remote Low Not required Partial None None
CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message.
286 CVE-2018-9841 125 DoS 2018-04-07 2020-03-30
6.8
None Remote Medium Not required Partial Partial Partial
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.
287 CVE-2018-9840 Bypass 2018-04-10 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button.
288 CVE-2018-9838 190 DoS Exec Code Overflow Mem. Corr. 2018-04-06 2020-07-27
7.5
None Remote Low Not required Partial Partial Partial
The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object.
289 CVE-2018-9331 22 Dir. Trav. 2018-04-07 2018-05-10
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock.
290 CVE-2018-9330 79 XSS 2018-04-07 2018-05-16
3.5
None Remote Medium ??? None Partial None
register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942.
291 CVE-2018-9329 2018-04-05 2018-04-09
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** The Bitdefender Antivirus 6.2.19.890 component, as configured for AV Defender in SolarWinds N-Central and possibly other products, attempts to access hosts in the bitdefeder.net Potentially Unwanted Domain (a domain similar to "bitdefender.net" but with a missing 'n' character) in unspecified circumstances. The observed hostnames are of the form upgr-midgress-##.htz.bitdefeder.net; however, all hostnames ending in .bitdefeder.net apparently resolve to the same IP address. This product behavior may allow remote attackers to block antivirus updates or potentially provide crafted updates, either by controlling that IP address or by purchasing the bitdefeder.net domain name. NOTE: the vendor reportedly disputes the details of this finding, indicating that a user's tools may have displayed upgr-midgress-##.htz.bitdefeder.net names because of incorrect DNS PTR records, not actual outbound traffic to an unintended IP address.
292 CVE-2018-9328 79 XSS 2018-04-05 2018-05-09
4.3
None Remote Medium Not required None Partial None
PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php.
293 CVE-2018-9327 20 Exec Code 2018-04-07 2018-05-11
6.8
None Remote Medium Not required Partial Partial Partial
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB).
294 CVE-2018-9326 Exec Code 2018-04-07 2018-05-11
7.5
None Remote Low Not required Partial Partial Partial
Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code.
295 CVE-2018-9325 200 +Info 2018-04-07 2018-05-11
5.0
None Remote Low Not required Partial None None
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names.
296 CVE-2018-9310 2018-04-30 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system.
297 CVE-2018-9309 89 Sql 2018-04-05 2018-05-09
5.0
None Remote Low Not required Partial None None
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request.
298 CVE-2018-9307 79 XSS 2018-04-04 2018-04-18
4.3
None Remote Medium Not required None Partial None
dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html.
299 CVE-2018-9306 125 +Info 2018-04-04 2018-04-17
5.8
None Remote Medium Not required Partial None Partial
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "!= 0x1c" case.
300 CVE-2018-9305 125 +Info 2018-04-04 2019-08-06
5.8
None Remote Medium Not required Partial None Partial
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.
Total number of vulnerabilities : 1672   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.