| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-19762 |
787 |
|
DoS Overflow |
2018-11-30 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact. |
|
2 |
CVE-2018-19760 |
772 |
|
|
2018-11-30 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. |
|
3 |
CVE-2018-19692 |
434 |
|
Exec Code |
2018-11-29 |
2018-12-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type. |
|
4 |
CVE-2018-19666 |
22 |
|
Dir. Trav. |
2018-11-29 |
2019-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. |
|
5 |
CVE-2018-19655 |
787 |
|
Overflow |
2018-11-29 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. |
|
6 |
CVE-2018-19646 |
78 |
|
Exec Code |
2018-11-28 |
2019-02-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. |
|
7 |
CVE-2018-19595 |
94 |
|
Exec Code |
2018-11-27 |
2019-04-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism. |
|
8 |
CVE-2018-19562 |
434 |
|
Exec Code |
2018-11-26 |
2018-12-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive. |
|
9 |
CVE-2018-19561 |
352 |
|
CSRF |
2018-11-26 |
2018-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account. |
|
10 |
CVE-2018-19560 |
352 |
|
CSRF |
2018-11-26 |
2018-12-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. |
|
11 |
CVE-2018-19559 |
89 |
|
Sql |
2018-11-26 |
2018-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. |
|
12 |
CVE-2018-19558 |
89 |
|
Sql |
2018-11-26 |
2018-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php. |
|
13 |
CVE-2018-19557 |
89 |
|
Sql |
2018-11-26 |
2018-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images. |
|
14 |
CVE-2018-19555 |
352 |
|
CSRF |
2018-11-26 |
2018-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password. |
|
15 |
CVE-2018-19553 |
89 |
|
Sql |
2018-11-26 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php |
|
16 |
CVE-2018-19552 |
89 |
|
Sql |
2018-11-26 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. |
|
17 |
CVE-2018-19551 |
89 |
|
Sql |
2018-11-26 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. |
|
18 |
CVE-2018-19550 |
434 |
|
|
2018-11-26 |
2019-05-23 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI. |
|
19 |
CVE-2018-19549 |
89 |
|
Sql |
2018-11-26 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. |
|
20 |
CVE-2018-19546 |
352 |
|
XSS CSRF |
2018-11-26 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter. |
|
21 |
CVE-2018-19545 |
352 |
|
CSRF |
2018-11-26 |
2018-12-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. |
|
22 |
CVE-2018-19543 |
125 |
|
|
2018-11-26 |
2020-09-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. |
|
23 |
CVE-2018-19541 |
125 |
|
|
2018-11-26 |
2021-01-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c. |
|
24 |
CVE-2018-19540 |
787 |
|
Overflow |
2018-11-26 |
2021-01-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c. |
|
25 |
CVE-2018-19537 |
434 |
|
Exec Code |
2018-11-26 |
2018-12-28 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases. |
|
26 |
CVE-2018-19532 |
476 |
|
DoS |
2018-11-26 |
2018-12-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. |
|
27 |
CVE-2018-19531 |
20 |
|
Exec Code |
2018-11-26 |
2018-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting. |
|
28 |
CVE-2018-19530 |
20 |
|
Exec Code |
2018-11-26 |
2018-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting. |
|
29 |
CVE-2018-19528 |
119 |
|
DoS Overflow |
2018-11-26 |
2018-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp. |
|
30 |
CVE-2018-19520 |
94 |
|
Exec Code |
2018-11-25 |
2019-02-04 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management. |
|
31 |
CVE-2018-19518 |
88 |
|
Exec Code |
2018-11-25 |
2022-04-18 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument. |
|
32 |
CVE-2018-19504 |
125 |
|
|
2018-11-23 |
2020-06-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c. |
|
33 |
CVE-2018-19503 |
787 |
|
Overflow |
2018-11-23 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c. |
|
34 |
CVE-2018-19502 |
787 |
|
Overflow |
2018-11-23 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c. |
|
35 |
CVE-2018-19499 |
502 |
|
Exec Code |
2018-11-23 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class. |
|
36 |
CVE-2018-19492 |
119 |
|
Overflow |
2018-11-23 |
2020-09-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend. |
|
37 |
CVE-2018-19491 |
119 |
|
Overflow |
2018-11-23 |
2020-09-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend. |
|
38 |
CVE-2018-19490 |
787 |
|
Overflow |
2018-11-23 |
2020-09-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function. |
|
39 |
CVE-2018-19486 |
426 |
|
Exec Code |
2018-11-23 |
2019-04-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. |
|
40 |
CVE-2018-19477 |
704 |
|
Bypass |
2018-11-23 |
2019-04-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. |
|
41 |
CVE-2018-19476 |
704 |
|
Bypass |
2018-11-23 |
2019-04-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. |
|
42 |
CVE-2018-19475 |
|
|
Bypass |
2018-11-23 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. |
|
43 |
CVE-2018-19468 |
89 |
|
Sql |
2018-11-23 |
2018-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. |
|
44 |
CVE-2018-19463 |
94 |
|
Exec Code |
2018-11-22 |
2019-03-06 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including. No one can run PHP by uploading an image in current version." It also requires authentication. |
|
45 |
CVE-2018-19459 |
119 |
|
Overflow |
2018-11-22 |
2018-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file. |
|
46 |
CVE-2018-19457 |
434 |
|
Exec Code |
2018-11-22 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. |
|
47 |
CVE-2018-19436 |
89 |
|
Sql |
2018-11-22 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter. |
|
48 |
CVE-2018-19435 |
89 |
|
Sql |
2018-11-22 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter. |
|
49 |
CVE-2018-19434 |
89 |
|
Sql |
2018-11-22 |
2018-12-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter. |
|
50 |
CVE-2018-19424 |
434 |
|
|
2018-11-21 |
2018-12-27 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files. |
