Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-17066 |
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter. Published: September 15, 2018; 5:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2018-17065 |
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address. Published: September 15, 2018; 5:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2018-17064 |
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked. Published: September 15, 2018; 5:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2018-17063 |
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters. Published: September 15, 2018; 5:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2018-17061 |
BullGuard Safe Browsing before 18.1.355.9 allows XSS on Google, Bing, and Yahoo! pages via domains indexed in search results. Published: September 15, 2018; 3:29:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16706 |
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. Published: September 14, 2018; 5:29:04 PM -0400 |
V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2018-16288 |
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. Published: September 14, 2018; 5:29:04 PM -0400 |
V3.0: 8.6 HIGH V2.0: 7.8 HIGH |
CVE-2018-16287 |
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. Published: September 14, 2018; 5:29:04 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-16286 |
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. Published: September 14, 2018; 5:29:03 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2018-16242 |
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol. Published: September 14, 2018; 5:29:03 PM -0400 |
V3.0: 5.3 MEDIUM V2.0: 2.9 LOW |
CVE-2018-12585 |
An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. Published: September 14, 2018; 5:29:03 PM -0400 |
V3.0: 8.2 HIGH V2.0: 6.4 MEDIUM |
CVE-2018-12086 |
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. Published: September 14, 2018; 5:29:03 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-10814 |
Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. Published: September 14, 2018; 5:29:03 PM -0400 |
V3.0: 7.8 HIGH V2.0: 2.1 LOW |
CVE-2018-10763 |
Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page. Published: September 14, 2018; 5:29:03 PM -0400 |
V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2017-16639 |
Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability. Published: September 14, 2018; 5:29:03 PM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17057 |
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. Published: September 14, 2018; 4:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-11087 |
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit. Published: September 14, 2018; 4:29:00 PM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-11058 |
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue. Published: September 14, 2018; 4:29:00 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-14638 |
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. Published: September 14, 2018; 3:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-1791 |
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946. Published: September 14, 2018; 8:29:00 AM -0400 |
V3.0: 4.9 MEDIUM V2.0: 4.9 MEDIUM |