CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2018-16709 2018-09-07 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands.
352 CVE-2018-16706 425 2018-09-14 2020-08-24
7.8
None Remote Low Not required None None Complete
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.
353 CVE-2018-16705 200 +Info 2018-09-10 2019-10-03
5.0
None Remote Low Not required Partial None None
FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.
354 CVE-2018-16704 639 2018-09-07 2020-08-24
4.0
None Remote Low ??? Partial None None
An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org.
355 CVE-2018-16703 307 2018-09-07 2019-10-03
5.0
None Remote Low Not required Partial None None
A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI.
356 CVE-2018-16672 200 +Info 2018-09-26 2021-07-08
4.0
None Remote Low ??? Partial None None
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.
357 CVE-2018-16671 200 +Info 2018-09-18 2018-11-07
5.0
None Remote Low Not required Partial None None
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
358 CVE-2018-16670 287 2018-09-18 2018-11-07
5.0
None Remote Low Not required Partial None None
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
359 CVE-2018-16669 522 2018-09-18 2019-10-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.
360 CVE-2018-16668 287 2018-09-18 2021-07-08
5.0
None Remote Low Not required Partial None None
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
361 CVE-2018-16667 125 2018-09-07 2019-10-03
4.4
None Local Medium Not required Partial Partial Partial
An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union).
362 CVE-2018-16666 787 Overflow 2018-09-07 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string).
363 CVE-2018-16665 119 Overflow 2018-09-07 2018-10-26
3.6
None Local Low Not required None Partial Partial
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c.
364 CVE-2018-16664 119 Overflow 2018-09-07 2018-10-26
4.4
None Local Medium Not required Partial Partial Partial
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand).
365 CVE-2018-16663 787 Overflow 2018-09-07 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations).
366 CVE-2018-16659 89 Sql 2018-09-28 2019-11-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.
367 CVE-2018-16658 200 +Info 2018-09-07 2019-08-06
3.6
None Local Low Not required Partial None Partial
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.
368 CVE-2018-16657 476 DoS Exec Code 2018-09-07 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code.
369 CVE-2018-16655 79 XSS 2018-09-07 2018-11-09
4.3
None Remote Medium Not required None Partial None
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php.
370 CVE-2018-16654 79 XSS 2018-09-07 2018-11-02
4.3
None Remote Medium Not required None Partial None
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1.
371 CVE-2018-16653 79 XSS 2018-09-07 2018-11-02
4.3
None Remote Medium Not required None Partial None
rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter.
372 CVE-2018-16651 1236 2018-09-07 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
373 CVE-2018-16650 352 CSRF 2018-09-07 2018-11-02
6.8
None Remote Medium Not required Partial Partial Partial
phpMyFAQ before 2.9.11 allows CSRF.
374 CVE-2018-16648 129 DoS 2018-09-06 2020-07-26
4.3
None Remote Medium Not required None None Partial
In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.
375 CVE-2018-16647 119 DoS Overflow 2018-09-06 2020-07-26
4.3
None Remote Medium Not required None None Partial
In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.
376 CVE-2018-16646 835 2018-09-06 2020-07-23
4.3
None Remote Medium Not required None None Partial
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
377 CVE-2018-16645 770 DoS 2018-09-06 2019-10-03
4.3
None Remote Medium Not required None None Partial
There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.
378 CVE-2018-16644 119 DoS Overflow 2018-09-06 2020-08-24
4.3
None Remote Medium Not required None None Partial
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
379 CVE-2018-16643 252 DoS 2018-09-06 2020-09-08
4.3
None Remote Medium Not required None None Partial
The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file.
380 CVE-2018-16642 787 DoS 2018-09-06 2018-10-25
4.3
None Remote Medium Not required None None Partial
The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.
381 CVE-2018-16641 772 2018-09-06 2019-10-03
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c.
382 CVE-2018-16640 772 2018-09-06 2019-10-03
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.
383 CVE-2018-16622 79 XSS 2018-09-06 2018-11-02
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent.
384 CVE-2018-16608 639 2018-09-10 2019-10-03
4.0
None Remote Low ??? Partial None None
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR).
385 CVE-2018-16607 79 XSS 2018-09-19 2018-11-07
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
386 CVE-2018-16606 639 2018-09-06 2020-08-24
4.0
None Remote Low ??? Partial None None
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).
387 CVE-2018-16605 79 XSS 2018-09-12 2021-04-23
3.5
None Remote Medium ??? None Partial None
D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page.
388 CVE-2018-16604 94 Exec Code 2018-09-06 2018-11-14
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}").
389 CVE-2018-16597 863 2018-09-21 2019-10-03
4.9
None Local Low Not required None Complete None
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
390 CVE-2018-16591 862 2018-09-10 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi.
391 CVE-2018-16590 287 2018-09-06 2018-11-14
10.0
None Remote Low Not required Complete Complete Complete
FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication.
392 CVE-2018-16588 732 2018-09-26 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected.
393 CVE-2018-16587 20 2018-09-28 2018-11-21
5.8
None Remote Medium Not required None Partial Partial
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.
394 CVE-2018-16586 2018-09-28 2020-08-24
4.3
None Remote Medium Not required None Partial None
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources.
395 CVE-2018-16585 119 Overflow Mem. Corr. 2018-09-06 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193).
396 CVE-2018-16554 134 2018-09-16 2019-12-31
6.8
None Remote Medium Not required Partial Partial Partial
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.
397 CVE-2018-16552 352 CSRF 2018-09-05 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs.
398 CVE-2018-16551 79 XSS 2018-09-05 2019-10-15
3.5
None Remote Medium ??? None Partial None
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.
399 CVE-2018-16550 Bypass 2018-09-05 2019-10-03
5.0
None Remote Low Not required Partial None None
TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN.
400 CVE-2018-16549 22 Dir. Trav. 2018-09-05 2018-11-16
5.0
None Remote Low Not required Partial None None
HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter.
Total number of vulnerabilities : 1174   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.