Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-8076 |
ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability within the com.zenmate.chron-xpc LaunchDaemon component. The LaunchDaemon implements an XPC service that uses an insecure XPC API for accessing data from an inbound XPC message. This could potentially result in an XPC object of the wrong type being passed as the first argument to the xpc_connection_create_from_endpoint function if controlled by an attacker. In recent versions of macOS and OS X, Apple has implemented an internal check to prevent such XPC API abuse from occurring, thus making this vulnerability only result in a denial of service if exploited by an attacker. Published: March 15, 2018; 12:29:00 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-18232 |
The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. Published: March 15, 2018; 12:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2018-7886 |
An issue was discovered in CloudMe 1.11.0. An unauthenticated local attacker that can connect to the "CloudMe Sync" client application listening on 127.0.0.1 port 8888 can send a malicious payload causing a buffer overflow condition. This will result in code execution, as demonstrated by a TCP reverse shell, or a crash. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-6892. Published: March 14, 2018; 10:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2018-8717 |
joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request. Published: March 14, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-8715 |
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types. Published: March 14, 2018; 9:29:04 PM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-8045 |
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view. Published: March 14, 2018; 9:29:03 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-7756 |
RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a "SETFIREWALL Off" command. Published: March 14, 2018; 9:29:03 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2018-7707 |
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message. Published: March 14, 2018; 9:29:03 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-7706 |
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. (dot dot) in the option2 parameter in an attachment action to secmail/getmessage.exe. Published: March 14, 2018; 9:29:03 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-7705 |
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx. Published: March 14, 2018; 9:29:03 PM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 5.5 MEDIUM |
CVE-2018-7704 |
SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe. Published: March 14, 2018; 9:29:03 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-7703 |
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe. Published: March 14, 2018; 9:29:03 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-7702 |
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization. Published: March 14, 2018; 9:29:03 PM -0400 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2018-7701 |
Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe. Published: March 14, 2018; 9:29:03 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2017-12194 |
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. Published: March 14, 2018; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2018-8712 |
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the '/etc/shadow' file via a "GET /syslog/save_log.cgi?view=1&file=/etc/shadow" request. Published: March 14, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2018-8711 |
A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be called by extract(), a PHP built-in function. Because of this, the supplied args/input can be used to overwrite the $pagepath variable, which then could lead to a local file inclusion attack. Published: March 14, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-8710 |
A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the "shortcode" parameters would be evaluated. Normally unauthenticated users can't evaluate shortcodes as they are often sensitive. Published: March 14, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-6329 |
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands. Published: March 14, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2018-6328 |
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes. Published: March 14, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |