CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2018

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1151 CVE-2017-17172 755 2018-06-14 2019-10-03
4.4
None Local Medium Not required Partial Partial Partial
Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can craft malformed packets after tricking a user into installing a malicious application and exploit this vulnerability during the exception handling process. Successful exploitation may allow the attacker to obtain a higher privilege on the smart phones.
1152 CVE-2017-17171 20 DoS 2018-06-01 2018-07-27
6.3
None Remote Medium ??? None None Complete
Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart.
1153 CVE-2017-17062 79 XSS 2018-06-16 2019-10-03
4.0
None Remote Low ??? None Partial None
The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.
1154 CVE-2017-16859 22 Dir. Trav. 2018-06-28 2018-08-23
4.0
None Remote Low ??? Partial None None
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.
1155 CVE-2017-16726 326 2018-06-27 2019-10-09
6.4
None Remote Low Not required Partial Partial None
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.
1156 CVE-2017-16718 327 2018-06-27 2019-10-09
4.3
None Remote Medium Not required Partial None None
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added.
1157 CVE-2017-16652 601 2018-06-13 2019-03-13
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks.
1158 CVE-2017-16226 20 Exec Code 2018-06-07 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.
1159 CVE-2017-16225 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
aegir is a module to help automate JavaScript project management. Versions 12.0.0 through and including 12.0.7 bundled and published to npm the GitHub token of the user who performed an aegir-release.
1160 CVE-2017-16224 601 2018-06-07 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a proper redirect as // is translated into the current schema being used. Mitigating factor: In order for this to work, st must be serving from the root of a server (/) rather than the typical sub directory (/static/) and the redirect URL will end with some form of URL encoded .. ("%2e%2e", "%2e.", ".%2e").
1161 CVE-2017-16223 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1162 CVE-2017-16222 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example, will return a 404 on etc/passwd/index.js.
1163 CVE-2017-16221 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1164 CVE-2017-16220 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1165 CVE-2017-16219 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1166 CVE-2017-16218 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1167 CVE-2017-16217 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1168 CVE-2017-16216 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1169 CVE-2017-16215 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1170 CVE-2017-16214 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1171 CVE-2017-16213 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1172 CVE-2017-16212 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1173 CVE-2017-16211 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1174 CVE-2017-16210 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1175 CVE-2017-16209 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1176 CVE-2017-16208 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1177 CVE-2017-16207 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.
1178 CVE-2017-16206 200 +Info 2018-06-07 2018-07-24
5.0
None Remote Low Not required Partial None None
The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
1179 CVE-2017-16205 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
1180 CVE-2017-16204 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
1181 CVE-2017-16203 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
1182 CVE-2017-16202 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
1183 CVE-2017-16201 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1184 CVE-2017-16200 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1185 CVE-2017-16199 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1186 CVE-2017-16198 22 Dir. Trav. 2018-06-07 2018-07-19
5.0
None Remote Low Not required Partial None None
ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/passwd are not accessible.
1187 CVE-2017-16197 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
qinserve is a static file server. qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1188 CVE-2017-16196 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
quickserver is a simple static file server. quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1189 CVE-2017-16195 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
pytservce is a static file server. pytservce is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1190 CVE-2017-16194 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1191 CVE-2017-16193 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1192 CVE-2017-16192 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1193 CVE-2017-16191 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1194 CVE-2017-16190 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1195 CVE-2017-16189 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1196 CVE-2017-16188 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
reecerver is a web server. reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1197 CVE-2017-16187 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1198 CVE-2017-16186 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1199 CVE-2017-16185 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1200 CVE-2017-16184 22 Dir. Trav. 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Total number of vulnerabilities: 1788. Page 24 of 36.