| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 101 | CVE-2018-19271 | 89 | | Sql | 2018-11-14 | 2019-07-30 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. |
| 102 | CVE-2018-19246 | 200 | | +Info File Inclusion | 2018-11-13 | 2018-12-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion. |
| 103 | CVE-2018-19244 | 611 | | +Info | 2018-11-13 | 2019-02-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a "Charles Settings.xml" file from an attacker, an intranet network may be accessed and information may be leaked. |
| 104 | CVE-2018-19228 | 22 | | Dir. Trav. | 2018-11-12 | 2018-12-11 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation. |
| 105 | CVE-2018-19226 | 200 | | +Info | 2018-11-12 | 2018-12-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI. |
| 106 | CVE-2018-19225 | 352 | | CSRF | 2018-11-12 | 2018-12-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF. |
| 107 | CVE-2018-19224 | 565 | | | 2018-11-12 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | None | Partial | None | An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies. |
| 108 | CVE-2018-19222 | 79 | | XSS | 2018-11-12 | 2019-10-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists. |
| 109 | CVE-2018-19221 | 89 | | Sql | 2018-11-12 | 2018-12-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter. |
| 110 | CVE-2018-19220 | 94 | | Exec Code | 2018-11-12 | 2018-12-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI. |
| 111 | CVE-2018-19216 | 416 | | | 2018-11-12 | 2020-07-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c. |
| 112 | CVE-2018-19215 | 125 | | | 2018-11-12 | 2020-07-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters. |
| 113 | CVE-2018-19214 | 125 | | | 2018-11-12 | 2020-07-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. |
| 114 | CVE-2018-19207 | 425 | | Exec Code | 2018-11-12 | 2019-10-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018. |
| 115 | CVE-2018-19205 | 200 | | +Info | 2018-11-12 | 2022-03-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php. |
| 116 | CVE-2018-19204 | 20 | | Exec Code | 2018-11-12 | 2021-06-29 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can create an executable file in the \Custom Sensors\EXE directory and execute it by creating EXE/Script Sensor. |
| 117 | CVE-2018-19203 | | | | 2018-11-12 | 2021-06-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial | PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request. |
| 118 | CVE-2018-19200 | 476 | | | 2018-11-12 | 2018-12-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. |
| 119 | CVE-2018-19199 | 190 | | Overflow | 2018-11-12 | 2019-08-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication. |
| 120 | CVE-2018-19198 | 787 | | | 2018-11-12 | 2019-08-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts. |
| 121 | CVE-2018-19197 | 22 | | Dir. Trav. | 2018-11-12 | 2019-01-23 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial | An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths[]=../ directory traversal. |
| 122 | CVE-2018-19196 | 94 | | Exec Code Bypass | 2018-11-12 | 2018-12-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonstrated by an admin/index.php?c=uploadfile&a=uploadify_upload&type=php URI. |
| 123 | CVE-2018-19194 | 200 | | +Info | 2018-11-12 | 2018-12-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in XiaoCms 20141229. /admin/index.php?c=database allows full path disclosure in a "failed to open stream" error message. |
| 124 | CVE-2018-19192 | 352 | | CSRF | 2018-11-12 | 2018-12-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the data[content] parameter. |
| 125 | CVE-2018-19185 | 787 | | Overflow | 2018-11-12 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector. |
| 126 | CVE-2018-19184 | 476 | | DoS | 2018-11-12 | 2018-12-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. |
| 127 | CVE-2018-19183 | 119 | | DoS Overflow | 2018-11-12 | 2020-07-14 | 5.0 | None | Remote | Low | Not required | None | None | Partial | ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. |
| 128 | CVE-2018-19181 | 22 | | Dir. Trav. | 2018-11-11 | 2018-12-12 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file. |
| 129 | CVE-2018-19180 | 94 | | Exec Code | 2018-11-11 | 2018-12-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php. |
| 130 | CVE-2018-19168 | 78 | | Exec Code | 2018-11-11 | 2019-10-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session. |
| 131 | CVE-2018-19150 | 119 | | DoS Overflow Mem. Corr. | 2018-11-10 | 2019-01-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a "Data from Faulting Address controls Code Flow" issue. |
| 132 | CVE-2018-19143 | 425 | | | 2018-11-11 | 2019-10-03 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial | Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. |
| 133 | CVE-2018-19138 | 352 | | CSRF | 2018-11-09 | 2019-03-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. |
| 134 | CVE-2018-19135 | 352 | | CSRF | 2018-11-11 | 2019-01-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory. |
| 135 | CVE-2018-19133 | 200 | | +Info | 2018-11-09 | 2018-12-31 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address. |
| 136 | CVE-2018-19127 | 94 | | Exec Code | 2018-11-09 | 2019-02-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring. |
| 137 | CVE-2018-19126 | 434 | | Exec Code | 2018-11-09 | 2018-12-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload. |
| 138 | CVE-2018-19125 | | | | 2018-11-09 | 2019-10-03 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory. |
| 139 | CVE-2018-19124 | 22 | | Dir. Trav. | 2018-11-09 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | None | Partial | None | PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files. |
| 140 | CVE-2018-19120 | 200 | | +Info | 2018-11-29 | 2019-01-31 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. |
| 141 | CVE-2018-19115 | 787 | | Overflow | 2018-11-08 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. |
| 142 | CVE-2018-19114 | 20 | | +Priv | 2018-11-08 | 2019-10-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindoc_id value containing the relative pathname of this uploaded file. For example, the mindoc_id (aka session ID) could be of the form aa/../../uploads/blog/201811/attach_#.jpg where '#' is a hex value displayed in the upload field of a manage/blogs/edit/ screen. |
| 143 | CVE-2018-19111 | 319 | | | 2018-11-08 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS. |
| 144 | CVE-2018-19109 | 425 | | Bypass | 2018-11-08 | 2019-10-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column. |
| 145 | CVE-2018-19105 | 787 | | DoS | 2018-11-08 | 2019-05-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file. |
| 146 | CVE-2018-19104 | 352 | | CSRF | 2018-11-08 | 2018-12-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges. |
| 147 | CVE-2018-19093 | | | | 2018-11-07 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial | ** DISPUTED ** An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program. |
| 148 | CVE-2018-19087 | 787 | | DoS Exec Code Overflow | 2018-11-10 | 2020-08-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E044 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. |
| 149 | CVE-2018-19086 | 787 | | DoS Exec Code Overflow | 2018-11-10 | 2020-08-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E040 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. |
| 150 | CVE-2018-19085 | 787 | | DoS Exec Code Overflow | 2018-11-10 | 2020-08-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E048 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges. |