CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3651 CVE-2018-18439 119 Overflow 2018-11-20 2019-01-02
10.0
None Remote Low Not required Complete Complete Complete
DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.
3652 CVE-2018-18426 94 Exec Code 2018-10-17 2018-12-03
9.0
None Remote Low ??? Complete Complete Complete
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.
3653 CVE-2018-18395 2018-10-19 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
3654 CVE-2018-18387 829 2018-10-29 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.
3655 CVE-2018-18068 668 Exec Code 2019-04-04 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug target processor B running in any privilege level, the debugging feature allows A to halt B and promote B to any privilege level. As a debug host, A has full control of B even if B owns a higher privilege level than A. Accordingly, A can read/write any EL3 memory/register via B. Also, with this memory access, A can execute arbitrary code in EL3.
3656 CVE-2018-17990 78 Exec Code 2019-04-01 2019-04-02
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter.
3657 CVE-2018-17953 2018-11-27 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
3658 CVE-2018-17932 294 2020-11-02 2020-11-12
10.0
None Remote Low Not required Complete Complete Complete
JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running.
3659 CVE-2018-17930 787 Exec Code Overflow 2018-11-28 2020-09-18
10.0
None Remote Low Not required Complete Complete Complete
A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution.
3660 CVE-2018-17916 787 Exec Code Overflow 2018-11-02 2021-04-08
10.0
None Remote Low Not required Complete Complete Complete
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine.
3661 CVE-2018-17914 Exec Code 2018-11-02 2021-04-08
10.0
None Remote Low Not required Complete Complete Complete
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime.
3662 CVE-2018-17910 119 Exec Code Overflow 2018-10-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution.
3663 CVE-2018-17896 798 Exec Code +Info 2018-10-12 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
3664 CVE-2018-17867 78 Exec Code 2018-10-01 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field).
3665 CVE-2018-17793 254 Exec Code 2018-09-30 2019-01-08
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python $(bash >&2)" and "python $(rbash >&2)" commands. NOTE: the software maintainer disputes this because the Python interpreter in a virtualenv is supposed to be able to execute arbitrary code.
3666 CVE-2018-17565 78 Exec Code 2019-04-01 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.
3667 CVE-2018-17532 78 Exec Code 2018-10-15 2018-11-30
10.0
None Remote Low Not required Complete Complete Complete
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
3668 CVE-2018-17411 611 2018-09-26 2018-12-17
10.0
None Remote Low Not required Complete Complete Complete
An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20.
3669 CVE-2018-17208 78 Exec Code CSRF 2018-09-19 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF.
3670 CVE-2018-17160 787 Exec Code 2018-12-04 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.
3671 CVE-2018-17157 190 Exec Code Overflow Mem. Corr. 2018-12-04 2019-01-24
10.0
None Remote Low Not required Complete Complete Complete
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.
3672 CVE-2018-17153 287 +Priv Bypass 2018-09-18 2018-12-18
10.0
None Remote Low Not required Complete Complete Complete
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.
3673 CVE-2018-17068 78 2018-09-15 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.
3674 CVE-2018-17067 787 Overflow 2018-09-15 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.
3675 CVE-2018-17066 78 2018-09-15 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.
3676 CVE-2018-17065 787 Overflow 2018-09-15 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.
3677 CVE-2018-17064 78 2018-09-15 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked.
3678 CVE-2018-17063 78 2018-09-15 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.
3679 CVE-2018-16957 798 2018-09-18 2018-12-06
10.0
None Remote Low Not required Complete Complete Complete
The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary able to access this service over a network could perform search queries to extract large quantities of sensitive information from the WCI installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.
3680 CVE-2018-16863 78 Exec Code Bypass 2018-12-03 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.
3681 CVE-2018-16803 89 Exec Code Sql 2019-01-10 2020-01-16
10.0
None Remote Low Not required Complete Complete Complete
In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code.
3682 CVE-2018-16796 434 2018-09-13 2018-11-25
9.0
None Remote Low ??? Complete Complete Complete
HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types.
3683 CVE-2018-16752 78 Exec Code 2018-09-20 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
3684 CVE-2018-16660 78 Exec Code 2019-04-25 2019-04-29
9.0
None Remote Low ??? Complete Complete Complete
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.
3685 CVE-2018-16651 1236 2018-09-07 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
3686 CVE-2018-16618 78 Exec Code 2019-06-19 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of random characters followed by the name of an Android activity to start. Activities are started by inserting their name into a string that is executed in a shell command. By inserting metacharacters this can be exploited to run arbitrary commands as root. The requests also match those of the HTTP protocol and can be triggered on any web page rendered on the device by requesting resources stored at an http://127.0.0.1:1668/ URI, as demonstrated by the http://127.0.0.1:1668/dacdb70556479813fab2d92896596eef?';{ping,example.org}' URL.
3687 CVE-2018-16591 862 2018-09-10 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi.
3688 CVE-2018-16590 287 2018-09-06 2018-11-14
10.0
None Remote Low Not required Complete Complete Complete
FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication.
3689 CVE-2018-16509 Exec Code 2018-09-05 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
3690 CVE-2018-16462 78 Exec Code 2018-10-30 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.
3691 CVE-2018-16461 78 Exec Code 2018-10-30 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options.
3692 CVE-2018-16408 78 Exec Code 2018-09-03 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.
3693 CVE-2018-16367 22 Dir. Trav. 2018-09-02 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include.
3694 CVE-2018-16364 502 Exec Code 2018-09-26 2020-09-29
9.3
None Remote Medium Not required Complete Complete Complete
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.
3695 CVE-2018-16334 78 2018-09-02 2018-10-25
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.
3696 CVE-2018-16302 119 Overflow 2018-09-01 2018-11-01
9.3
None Remote Medium Not required Complete Complete Complete
MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file.
3697 CVE-2018-16282 78 Exec Code 2018-09-20 2018-11-05
9.0
None Remote Low ??? Complete Complete Complete
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
3698 CVE-2018-16217 78 2019-05-29 2019-05-31
9.0
None Remote Low ??? Complete Complete Complete
The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection.
3699 CVE-2018-16194 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low ??? Complete Complete Complete
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.
3700 CVE-2018-16184 78 Exec Code 2019-01-09 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.