CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2018-6291 79 XSS 2018-02-06 2018-02-23
4.3
None Remote Medium Not required None Partial None
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1.
402 CVE-2018-6290 2018-02-06 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1.
403 CVE-2018-6289 74 Exec Code 2018-02-06 2018-02-23
10.0
None Remote Low Not required Complete Complete Complete
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.
404 CVE-2018-6288 352 CSRF 2018-02-06 2018-03-01
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1.
405 CVE-2018-6218 426 2018-02-16 2021-09-13
5.1
None Remote High Not required Partial Partial Partial
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
406 CVE-2018-6189 79 XSS 2018-02-16 2018-03-15
4.3
None Remote Medium Not required None Partial None
F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue.
407 CVE-2018-6188 200 +Info 2018-02-05 2019-03-12
5.0
None Remote Low Not required Partial None None
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.
408 CVE-2018-6186 918 Exec Code +Priv 2018-02-01 2018-03-03
9.0
None Remote Low ??? Complete Complete Complete
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
409 CVE-2018-6180 287 2018-02-08 2020-02-19
5.0
None Remote Low Not required None Partial None
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts.
410 CVE-2018-6024 89 Sql 2018-02-18 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.
411 CVE-2018-6006 89 Sql 2018-02-17 2018-03-05
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.
412 CVE-2018-6005 89 Sql 2018-02-17 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.
413 CVE-2018-6004 89 Sql 2018-02-17 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.
414 CVE-2018-5994 89 Sql 2018-02-17 2018-03-05
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.
415 CVE-2018-5993 89 Sql 2018-02-17 2018-03-01
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.
416 CVE-2018-5992 89 Sql 2018-02-17 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.
417 CVE-2018-5991 89 Sql 2018-02-17 2018-03-05
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.
418 CVE-2018-5990 89 Sql 2018-02-17 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.
419 CVE-2018-5989 89 Sql 2018-02-17 2019-09-26
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.
420 CVE-2018-5987 89 Sql 2018-02-17 2018-03-12
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action.
421 CVE-2018-5983 89 Sql 2018-02-17 2018-03-12
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request.
422 CVE-2018-5982 89 Sql 2018-02-17 2018-03-01
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.
423 CVE-2018-5981 89 Sql 2018-02-17 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter.
424 CVE-2018-5980 89 Sql 2018-02-17 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.
425 CVE-2018-5975 89 Sql 2018-02-17 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.
426 CVE-2018-5974 89 Sql 2018-02-17 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.
427 CVE-2018-5971 89 Sql 2018-02-17 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.
428 CVE-2018-5970 89 Sql 2018-02-17 2018-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.
429 CVE-2018-5797 798 2018-02-05 2019-10-03
3.3
None Local Network Low Not required Partial None None
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.
430 CVE-2018-5796 119 Overflow 2018-02-05 2018-02-22
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command.
431 CVE-2018-5795 2018-02-05 2019-10-03
4.0
None Remote Low ??? None Partial None
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller.
432 CVE-2018-5794 287 2018-02-05 2018-02-22
5.0
None Remote Low Not required None Partial None
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is No Authentication for the AeroScout Service via a crafted UDP packet.
433 CVE-2018-5793 787 Overflow 2018-02-05 2020-08-24
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
434 CVE-2018-5792 787 Overflow 2018-02-05 2020-08-24
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
435 CVE-2018-5791 787 Overflow 2018-02-05 2020-08-24
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
436 CVE-2018-5790 119 DoS Overflow 2018-02-05 2018-02-22
2.9
None Local Network Medium Not required None None Partial
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Remote, Unauthenticated "Global" Denial of Service in the RIM (Radio Interface Module) over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
437 CVE-2018-5789 611 DoS 2018-02-05 2018-02-22
5.0
None Remote Low Not required None None Partial
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated XML Entity Expansion Denial of Service on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface.
438 CVE-2018-5788 119 DoS Overflow 2018-02-05 2018-02-22
5.0
None Remote Low Not required None None Partial
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Denial of Service in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.
439 CVE-2018-5787 787 Overflow 2018-02-05 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.
440 CVE-2018-5767 20 Exec Code 2018-02-15 2018-03-15
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.
441 CVE-2018-5763 20 2018-02-19 2018-03-20
4.3
None Remote Medium Not required None None Partial
An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used.
442 CVE-2018-5762 2018-02-26 2019-10-03
4.3
None Remote Medium Not required Partial None None
The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
443 CVE-2018-5716 22 Dir. Trav. 2018-02-21 2018-03-18
8.5
None Remote Low ??? Complete Complete None
An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the goform/edit_lf_get_data URI, the attacker can retrieve the content of a file.
444 CVE-2018-5550 79 XSS 2018-02-08 2019-10-09
4.3
None Remote Medium Not required None Partial None
Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user.
445 CVE-2018-5477 200 +Info 2018-02-20 2019-10-09
5.0
None Remote Low Not required Partial None None
An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information.
446 CVE-2018-5475 787 Exec Code Overflow 2018-02-19 2020-09-18
7.5
None Remote Low Not required Partial Partial Partial
A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified, which may allow remote code execution.
447 CVE-2018-5473 119 Exec Code Overflow 2018-02-19 2021-08-18
10.0
None Remote Low Not required Complete Complete Complete
An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device.
448 CVE-2018-5459 287 Exec Code 2018-02-13 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455.
449 CVE-2018-5457 427 2018-02-06 2019-10-09
6.9
None Local Medium Not required Complete Complete Complete
A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.
450 CVE-2018-5442 787 Exec Code Overflow 2018-02-05 2020-09-18
7.5
None Remote Low Not required Partial Partial Partial
A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
Total number of vulnerabilities : 1328   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.