Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-13049 |
The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. Published: July 02, 2018; 7:29:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-13043 |
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. Published: July 01, 2018; 6:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-13041 |
The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. Published: July 01, 2018; 2:29:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-13040 |
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI. Published: July 01, 2018; 2:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-13039 |
OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI. Published: July 01, 2018; 2:29:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-13038 |
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type. Published: July 01, 2018; 2:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-13037 |
An issue was discovered in jpeg-compressor 0.1. The bmp_load function in stb_image.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact. Published: July 01, 2018; 2:29:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-13033 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. Published: July 01, 2018; 12:29:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-13032 |
ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. Published: July 01, 2018; 12:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-7475 |
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. Published: June 30, 2018; 10:29:00 AM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-12990 |
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. Published: June 30, 2018; 10:29:00 AM -0400 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2018-13030 |
An issue was discovered in jpeg-compressor 0.1. The build_huffman function in stb_image.c allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact. Published: June 30, 2018; 8:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-13026 |
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Type. Published: June 30, 2018; 8:29:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-10860 |
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter. Published: June 29, 2018; 3:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 6.4 MEDIUM |
CVE-2018-13025 |
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. Published: June 29, 2018; 1:29:00 PM -0400 |
V3.0: 4.9 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2018-13024 |
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. Published: June 29, 2018; 1:29:00 PM -0400 |
V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-13021 |
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. Published: June 29, 2018; 1:29:00 PM -0400 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2018-12465 |
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5). Published: June 29, 2018; 12:29:00 PM -0400 |
V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2018-12464 |
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). Published: June 29, 2018; 12:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-8902 |
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product. Published: June 29, 2018; 11:29:00 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |