| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
251 |
CVE-2018-9993 |
79 |
|
XSS |
2018-04-10 |
2018-05-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). |
|
252 |
CVE-2018-9992 |
79 |
|
XSS |
2018-04-11 |
2018-05-11 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. |
|
253 |
CVE-2018-9991 |
79 |
|
XSS |
2018-04-11 |
2018-05-11 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. |
|
254 |
CVE-2018-9990 |
79 |
|
XSS |
2018-04-18 |
2018-05-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead. |
|
255 |
CVE-2018-9989 |
125 |
|
|
2018-04-10 |
2021-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. |
|
256 |
CVE-2018-9988 |
125 |
|
|
2018-04-10 |
2021-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. |
|
257 |
CVE-2018-9987 |
79 |
|
XSS |
2018-04-18 |
2018-05-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications. |
|
258 |
CVE-2018-9986 |
79 |
|
XSS |
2018-04-18 |
2018-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor. |
|
259 |
CVE-2018-9985 |
79 |
|
XSS |
2018-04-10 |
2018-05-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. |
|
260 |
CVE-2018-9934 |
|
|
|
2018-04-10 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control. |
|
261 |
CVE-2018-9928 |
79 |
|
XSS |
2018-04-10 |
2018-05-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. |
|
262 |
CVE-2018-9927 |
352 |
|
CSRF |
2018-04-10 |
2019-02-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add. |
|
263 |
CVE-2018-9926 |
352 |
|
CSRF |
2018-04-10 |
2019-02-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add. |
|
264 |
CVE-2018-9925 |
79 |
|
XSS |
2018-04-10 |
2018-04-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. |
|
265 |
CVE-2018-9924 |
89 |
|
Sql |
2018-04-10 |
2018-04-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request. |
|
266 |
CVE-2018-9923 |
352 |
|
CSRF |
2018-04-10 |
2018-04-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request. |
|
267 |
CVE-2018-9922 |
200 |
|
+Info |
2018-04-10 |
2018-04-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname. |
|
268 |
CVE-2018-9921 |
22 |
|
Dir. Trav. |
2018-04-23 |
2018-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request. |
|
269 |
CVE-2018-9918 |
674 |
|
DoS |
2018-04-10 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted. |
|
270 |
CVE-2018-9864 |
79 |
|
XSS |
2018-04-09 |
2018-05-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. |
|
271 |
CVE-2018-9862 |
838 |
|
|
2018-04-09 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697. |
|
272 |
CVE-2018-9861 |
79 |
|
XSS |
2018-04-19 |
2019-07-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element. |
|
273 |
CVE-2018-9860 |
193 |
|
DoS +Info |
2018-04-12 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs. |
|
274 |
CVE-2018-9857 |
79 |
|
XSS |
2018-04-09 |
2018-05-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen). |
|
275 |
CVE-2018-9856 |
352 |
|
CSRF |
2018-04-09 |
2018-05-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request. |
|
276 |
CVE-2018-9852 |
200 |
|
+Info |
2018-04-08 |
2020-01-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23. |
|
277 |
CVE-2018-9851 |
22 |
|
Dir. Trav. |
2018-04-08 |
2018-05-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence. |
|
278 |
CVE-2018-9850 |
22 |
|
Dir. Trav. |
2018-04-08 |
2018-05-14 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request. |
|
279 |
CVE-2018-9848 |
94 |
|
Exec Code |
2018-04-07 |
2018-05-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an Admin-Upload-Upload request. |
|
280 |
CVE-2018-9847 |
94 |
|
Exec Code |
2018-04-07 |
2018-05-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. |
|
281 |
CVE-2018-9846 |
20 |
|
|
2018-04-07 |
2018-05-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism. |
|
282 |
CVE-2018-9845 |
178 |
|
|
2018-04-29 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Etherpad Lite before 1.6.4 is exploitable for admin access. |
|
283 |
CVE-2018-9844 |
79 |
|
XSS |
2018-04-07 |
2018-05-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS. |
|
284 |
CVE-2018-9843 |
502 |
|
Exec Code |
2018-04-12 |
2019-02-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. |
|
285 |
CVE-2018-9842 |
200 |
|
+Info |
2018-04-12 |
2019-02-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message. |
|
286 |
CVE-2018-9841 |
125 |
|
DoS |
2018-04-07 |
2020-03-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename. |
|
287 |
CVE-2018-9840 |
|
|
Bypass |
2018-04-10 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button. |
|
288 |
CVE-2018-9838 |
190 |
|
DoS Exec Code Overflow Mem. Corr. |
2018-04-06 |
2020-07-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object. |
|
289 |
CVE-2018-9331 |
22 |
|
Dir. Trav. |
2018-04-07 |
2018-05-10 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock. |
|
290 |
CVE-2018-9330 |
79 |
|
XSS |
2018-04-07 |
2018-05-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942. |
|
291 |
CVE-2018-9329 |
|
|
|
2018-04-05 |
2018-04-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** DISPUTED ** The Bitdefender Antivirus 6.2.19.890 component, as configured for AV Defender in SolarWinds N-Central and possibly other products, attempts to access hosts in the bitdefeder.net Potentially Unwanted Domain (a domain similar to "bitdefender.net" but with a missing 'n' character) in unspecified circumstances. The observed hostnames are of the form upgr-midgress-##.htz.bitdefeder.net; however, all hostnames ending in .bitdefeder.net apparently resolve to the same IP address. This product behavior may allow remote attackers to block antivirus updates or potentially provide crafted updates, either by controlling that IP address or by purchasing the bitdefeder.net domain name. NOTE: the vendor reportedly disputes the details of this finding, indicating that a user's tools may have displayed upgr-midgress-##.htz.bitdefeder.net names because of incorrect DNS PTR records, not actual outbound traffic to an unintended IP address. |
|
292 |
CVE-2018-9328 |
79 |
|
XSS |
2018-04-05 |
2018-05-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php. |
|
293 |
CVE-2018-9327 |
20 |
|
Exec Code |
2018-04-07 |
2018-05-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB). |
|
294 |
CVE-2018-9326 |
|
|
Exec Code |
2018-04-07 |
2018-05-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code. |
|
295 |
CVE-2018-9325 |
200 |
|
+Info |
2018-04-07 |
2018-05-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names. |
|
296 |
CVE-2018-9310 |
|
|
|
2018-04-30 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system. |
|
297 |
CVE-2018-9309 |
89 |
|
Sql |
2018-04-05 |
2018-05-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request. |
|
298 |
CVE-2018-9307 |
79 |
|
XSS |
2018-04-04 |
2018-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html. |
|
299 |
CVE-2018-9306 |
125 |
|
+Info |
2018-04-04 |
2018-04-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "!= 0x1c" case. |
|
300 |
CVE-2018-9305 |
125 |
|
+Info |
2018-04-04 |
2019-08-06 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case. |
