| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
301 |
CVE-2018-16793 |
918 |
|
|
2018-09-21 |
2018-11-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. |
|
302 |
CVE-2018-16790 |
125 |
|
|
2018-09-10 |
2019-10-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer. |
|
303 |
CVE-2018-16786 |
79 |
|
XSS |
2018-09-21 |
2018-11-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. |
|
304 |
CVE-2018-16785 |
91 |
|
|
2018-09-19 |
2019-01-28 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell |
|
305 |
CVE-2018-16784 |
91 |
|
Exec Code |
2018-09-21 |
2018-11-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring. |
|
306 |
CVE-2018-16782 |
119 |
|
Overflow |
2018-09-10 |
2018-11-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c. |
|
307 |
CVE-2018-16781 |
682 |
|
DoS |
2018-09-10 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table. |
|
308 |
CVE-2018-16780 |
79 |
|
XSS |
2018-09-10 |
2018-10-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment. |
|
309 |
CVE-2018-16779 |
79 |
|
XSS |
2018-09-10 |
2018-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
BlogCMS through 2016-10-25 has XSS via a comment. |
|
310 |
CVE-2018-16776 |
79 |
|
XSS |
2018-09-10 |
2018-11-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page. |
|
311 |
CVE-2018-16775 |
79 |
|
XSS |
2018-09-10 |
2018-11-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu. |
|
312 |
CVE-2018-16774 |
22 |
|
Dir. Trav. |
2018-09-10 |
2018-09-24 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. |
|
313 |
CVE-2018-16773 |
79 |
|
XSS |
2018-09-10 |
2018-09-24 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. |
|
314 |
CVE-2018-16772 |
79 |
|
XSS |
2018-09-10 |
2018-09-24 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. |
|
315 |
CVE-2018-16771 |
94 |
|
Exec Code |
2018-09-10 |
2018-09-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php. |
|
316 |
CVE-2018-16770 |
|
|
DoS |
2018-09-10 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails. |
|
317 |
CVE-2018-16769 |
|
|
DoS |
2018-09-10 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled. |
|
318 |
CVE-2018-16768 |
119 |
|
DoS Overflow |
2018-09-10 |
2018-11-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end. |
|
319 |
CVE-2018-16767 |
119 |
|
DoS Overflow |
2018-09-10 |
2018-11-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand. |
|
320 |
CVE-2018-16766 |
670 |
|
DoS |
2018-09-10 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached. |
|
321 |
CVE-2018-16765 |
119 |
|
DoS Overflow |
2018-09-10 |
2018-10-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_. |
|
322 |
CVE-2018-16764 |
125 |
|
DoS |
2018-09-10 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read. |
|
323 |
CVE-2018-16763 |
74 |
|
Exec Code |
2018-09-09 |
2021-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution. |
|
324 |
CVE-2018-16762 |
89 |
|
Sql |
2018-09-09 |
2018-10-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. |
|
325 |
CVE-2018-16761 |
601 |
|
|
2018-09-09 |
2018-11-06 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Eventum before 3.4.0 has an open redirect vulnerability. |
|
326 |
CVE-2018-16759 |
79 |
|
XSS |
2018-09-09 |
2018-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. |
|
327 |
CVE-2018-16752 |
78 |
|
Exec Code |
2018-09-20 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases. |
|
328 |
CVE-2018-16750 |
772 |
|
|
2018-09-09 |
2021-04-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. |
|
329 |
CVE-2018-16749 |
476 |
|
DoS |
2018-09-09 |
2021-04-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. |
|
330 |
CVE-2018-16745 |
119 |
|
Overflow |
2018-09-13 |
2018-11-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. |
|
331 |
CVE-2018-16744 |
78 |
|
|
2018-09-13 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used. |
|
332 |
CVE-2018-16743 |
787 |
|
Overflow |
2018-09-13 |
2020-08-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow. |
|
333 |
CVE-2018-16742 |
787 |
|
Overflow |
2018-09-13 |
2020-08-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter. |
|
334 |
CVE-2018-16741 |
78 |
|
|
2018-09-13 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command. |
|
335 |
CVE-2018-16736 |
79 |
|
XSS |
2018-09-09 |
2018-11-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings). |
|
336 |
CVE-2018-16733 |
20 |
|
|
2018-09-08 |
2018-11-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. |
|
337 |
CVE-2018-16732 |
352 |
|
CSRF |
2018-09-08 |
2018-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. |
|
338 |
CVE-2018-16731 |
434 |
|
|
2018-09-08 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. |
|
339 |
CVE-2018-16730 |
79 |
|
XSS |
2018-09-08 |
2018-10-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. |
|
340 |
CVE-2018-16729 |
79 |
|
XSS |
2018-09-12 |
2018-11-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. |
|
341 |
CVE-2018-16728 |
79 |
|
XSS |
2018-09-12 |
2018-11-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new. |
|
342 |
CVE-2018-16727 |
79 |
|
XSS |
2018-09-12 |
2018-11-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. |
|
343 |
CVE-2018-16726 |
79 |
|
XSS |
2018-09-12 |
2018-11-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. |
|
344 |
CVE-2018-16725 |
79 |
|
XSS |
2018-09-08 |
2018-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component." |
|
345 |
CVE-2018-16724 |
89 |
|
Sql |
2018-09-08 |
2018-10-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. |
|
346 |
CVE-2018-16715 |
732 |
|
|
2018-09-08 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior. |
|
347 |
CVE-2018-16713 |
119 |
|
Overflow |
2018-09-26 |
2018-12-27 |
6.8 |
None |
Remote |
Low |
??? |
Complete |
None |
None |
|
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver's subroutine will execute a rdmsr instruction with the user's buffer for input, and provide output from the instruction. |
|
348 |
CVE-2018-16712 |
200 |
|
+Info |
2018-09-26 |
2018-12-27 |
6.8 |
None |
Remote |
Low |
??? |
Complete |
None |
None |
|
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory. |
|
349 |
CVE-2018-16711 |
119 |
|
Overflow |
2018-09-26 |
2018-12-11 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for input. |
|
350 |
CVE-2018-16710 |
200 |
|
DoS +Info |
2018-09-07 |
2018-11-14 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough." |
