National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database



The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2018-10523 CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileMa... read CVE-2018-10523
    Published: April 27, 2018; 02:29:00 PM -04:00

  • CVE-2018-10522 In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_c... read CVE-2018-10522
    Published: April 27, 2018; 02:29:00 PM -04:00

  • CVE-2018-10521 In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory... read CVE-2018-10521
    Published: April 27, 2018; 02:29:00 PM -04:00

  • CVE-2018-10520 In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all d... read CVE-2018-10520
    Published: April 27, 2018; 02:29:00 PM -04:00

  • CVE-2018-10519 CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible throug... read CVE-2018-10519
    Published: April 27, 2018; 02:29:00 PM -04:00

  • CVE-2018-10518 In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all dir... read CVE-2018-10518
    Published: April 27, 2018; 02:29:00 PM -04:00

  • CVE-2018-10517 In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
    Published: April 27, 2018; 02:29:00 PM -04:00

  • CVE-2018-10516 In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
    Published: April 27, 2018; 02:29:00 PM -04:00

  • CVE-2018-10515 In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.
    Published: April 27, 2018; 02:29:00 PM -04:00

  • CVE-2018-1479 IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761.
    Published: April 27, 2018; 11:29:10 AM -04:00

  • CVE-2018-1475 IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756.
    Published: April 27, 2018; 11:29:00 AM -04:00

  • CVE-2018-1473 IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr... read CVE-2018-1473
    Published: April 27, 2018; 11:29:00 AM -04:00

  • CVE-2017-1116 IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. IBM X-Force ID: 121154.
    Published: April 27, 2018; 11:29:00 AM -04:00

  • CVE-2018-6518 Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php.
    Published: April 26, 2018; 10:29:00 AM -04:00

  • CVE-2018-1418 IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824.
    Published: April 26, 2018; 10:29:00 AM -04:00

  • CVE-2017-1724 IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within... read CVE-2017-1724
    Published: April 26, 2018; 10:29:00 AM -04:00

  • CVE-2017-1723 IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force... read CVE-2017-1723
    Published: April 26, 2018; 10:29:00 AM -04:00

  • CVE-2017-1722 IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 13... read CVE-2017-1722
    Published: April 26, 2018; 10:29:00 AM -04:00

  • CVE-2017-1721 IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.
    Published: April 26, 2018; 10:29:00 AM -04:00

  • CVE-2017-14740 Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu.
    Published: April 26, 2018; 10:29:00 AM -04:00