Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-16608 | In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR). Published: September 10, 2018; 9:29:00 AM -0400 | V3.0: 8.8 HIGH V2.0: 4.0 MEDIUM |
CVE-2018-15886 | Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a `<?php` substring. Published: September 10, 2018; 9:29:00 AM -0400 | V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-14625 | A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. Published: September 10, 2018; 9:29:00 AM -0400 | V3.0: 7.0 HIGH V2.0: 4.4 MEDIUM |
CVE-2018-16790 | _bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer. Published: September 10, 2018; 1:29:00 AM -0400 | V3.0: 8.1 HIGH V2.0: 5.8 MEDIUM |
CVE-2018-16782 | libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c. Published: September 10, 2018; 12:29:02 AM -0400 | V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-16781 | ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table. Published: September 10, 2018; 12:29:02 AM -0400 | V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16780 | Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment. Published: September 10, 2018; 12:29:02 AM -0400 | V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16779 | BlogCMS through 2016-10-25 has XSS via a comment. Published: September 10, 2018; 12:29:02 AM -0400 | V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16776 | wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page. Published: September 10, 2018; 12:29:02 AM -0400 | V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16775 | An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu. Published: September 10, 2018; 12:29:02 AM -0400 | V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16774 | HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. Published: September 10, 2018; 12:29:01 AM -0400 | V3.0: 7.5 HIGH V2.0: 6.4 MEDIUM |
CVE-2018-16773 | EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. Published: September 10, 2018; 12:29:01 AM -0400 | V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16772 | Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. Published: September 10, 2018; 12:29:01 AM -0400 | V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16771 | Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php. Published: September 10, 2018; 12:29:01 AM -0400 | V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-16770 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails. Published: September 10, 2018; 12:29:01 AM -0400 | V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-16769 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled. Published: September 10, 2018; 12:29:01 AM -0400 | V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-16768 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end. Published: September 10, 2018; 12:29:01 AM -0400 | V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-16767 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand. Published: September 10, 2018; 12:29:00 AM -0400 | V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-16766 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached. Published: September 10, 2018; 12:29:00 AM -0400 | V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-16765 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_. Published: September 10, 2018; 12:29:00 AM -0400 | V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |