SB18-183: Vulnerability Summary for the Week of June 25, 2018
07-02-2018 04:34 AM

Original release date: July 02, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. * High Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no high vulnerabilities recorded this week.Back to top * Medium Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no medium vulnerabilities recorded this week.Back to top * Low Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no low vulnerabilities recorded this week.Back to top * Severity Not Yet Assigned Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info389-ds-base -- 389-ds-base *389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.2018-06-22not yet calculatedCVE-2017-2668 BID REDHAT REDHAT CONFIRM CONFIRMaaugustin/websockets -- aaugustin/websockets *aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sending a specially crafted frame on an established connection. 
This vulnerability appears to have been fixed in 5.2018-06-26not yet calculatedCVE-2018-1000518 MISCadm -- asustor_nas_devices *ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.2018-06-28not yet calculatedCVE-2018-11510 MISC MISCaef -- advanced_electron_forum *An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges.2018-06-29not yet calculatedCVE-2018-13000 MISCaio-libs/aiohttp-session -- aio-libs/aiohttp-session *aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-...storage.py#L42) that can result in Session Hijacking. 
This attack appear to be exploitable via Any method that allows setting session cookies (?session=, or meta tags or script tags with Set-Cookie).2018-06-26not yet calculatedCVE-2018-1000519 MISC MISCall_nippon_airways -- ana_app_for_ios *The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2018-06-26not yet calculatedCVE-2018-0611 JVN MISCallen-bradley*-- l30erms_safety_devices *Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately.2018-06-25not yet calculatedCVE-2017-9312 BID MISCapache -- cassandra *The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.2018-06-28not yet calculatedCVE-2018-8016 MISCapache -- hbase *CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. 
It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1.2018-06-27not yet calculatedCVE-2018-8025 BID MISCapache -- pluto *The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.2018-06-27not yet calculatedCVE-2018-1306 MISCarm -- mbedtls *ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted..2018-06-26not yet calculatedCVE-2018-1000520 MISCatlassian*-- fisheye_and_crucible *The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.2018-06-28not yet calculatedCVE-2017-16859 BID CONFIRM CONFIRMaxis_communications -- ip_camerasAn issue was discovered in multiple models of Axis IP Cameras. 
There is an Exposed Insecure Interface.2018-06-26not yet calculatedCVE-2018-10662 MISC CONFIRM CONFIRMaxis_communications -- ip_camerasThere was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction.2018-06-26not yet calculatedCVE-2018-10659 MISC CONFIRM CONFIRMaxis_communications -- ip_camerasAn issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation.2018-06-26not yet calculatedCVE-2018-10663 MISC CONFIRM CONFIRMaxis_communications -- ip_camerasAn issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption.2018-06-26not yet calculatedCVE-2018-10664 MISC CONFIRM CONFIRMaxis_communications -- ip_camerasAn issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.2018-06-26not yet calculatedCVE-2018-10661 MISC CONFIRM CONFIRMaxis_communications -- ip_camerasAn issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.2018-06-26not yet calculatedCVE-2018-10660 MISC CONFIRM CONFIRMaxis_communications -- ip_cameras *There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). 
The crash arises from code inside libdbus-send.so shared object or similar.2018-06-26not yet calculatedCVE-2018-10658 MISC CONFIRM CONFIRMaxpdfium -- axpdfium *Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-06-26not yet calculatedCVE-2018-0601 JVN MISCbaseon_latronix -- mss_devices *Baseon Lantronix MSS devices do not require a password for TELNET access.2018-06-28not yet calculatedCVE-2018-12925 MISCbasercms -- basercmsbaserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0572 JVN MISCbasercms -- basercmsCross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0570 JVN MISCbasercms -- basercmsCross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0574 JVN MISCbasercms -- basercmsbaserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.2018-06-26not yet calculatedCVE-2018-0571 JVN MISCbasercms -- basercmsbaserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0575 JVN MISCbasercms -- basercmsbaserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier 
versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0573 JVN MISCbasercms -- basercms *baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0569 JVN MISCbeckoff*-- twincat_3 *Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added.2018-06-27not yet calculatedCVE-2017-16718 MISCbeckoff*-- twincat *Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbirtrary ADS packets when legitimate ADS traffic is observable.2018-06-27not yet calculatedCVE-2017-16726 MISCbigtree-cms -- bigtree-cms *BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. This attack appear to be exploitable via no. 
This vulnerability appears to have been fixed in after commit b652cfdc14d0670c81ac4401ad5a04376745c279.2018-06-26not yet calculatedCVE-2018-1000521 MISCbusybox -- busybox *Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".2018-06-26not yet calculatedCVE-2018-1000500 MISC MISCbusybox -- busybox *BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.2018-06-26not yet calculatedCVE-2018-1000517 MISCbws_systems -- ha-bridge *BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI.2018-06-28not yet calculatedCVE-2018-12923 MISCcentreon -- centreonCentreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. 
This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.2018-06-25not yet calculatedCVE-2018-11588 CONFIRM CONFIRM CONFIRM CONFIRMcentreon -- centreonMultiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.2018-06-25not yet calculatedCVE-2018-11589 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMcentreon -- centreon *There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.2018-06-25not yet calculatedCVE-2018-11587 CONFIRM CONFIRM CONFIRMcivetweb -- civetwebOut-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.2018-06-22not yet calculatedCVE-2018-12684 MISC MISCcloud_foundry -- cloud_foundry *Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. 
A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt.2018-06-25not yet calculatedCVE-2018-11041 CONFIRMcloudwu/pbc -- cloudwu/pbc In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c.2018-06-27not yet calculatedCVE-2018-12915 MISCcloudwu/pbc -- cloudwu/pbcIn libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c.2018-06-27not yet calculatedCVE-2018-12917 MISCcloudwu/pbc -- cloudwu/pbcIn libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c.2018-06-27not yet calculatedCVE-2018-12916 MISCcloudwu/pbc -- cloudwu/pbcIn libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c.2018-06-27not yet calculatedCVE-2018-12918 MISCcnn-lite -- cnn-lite *An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c.2018-06-26not yet calculatedCVE-2018-12889 MISCcodecanyon -- brynamics_online_trade *Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials.2018-06-27not yet calculatedCVE-2018-12908 MISCcorebos -- corebos *coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. 
.2018-06-26not yet calculatedCVE-2018-1000547 MISCcraftedweb -- craftedweb *In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter.2018-06-27not yet calculatedCVE-2018-12919 MISCcyberark -- endpoint_privilege_manager *In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard.2018-06-26not yet calculatedCVE-2018-12903 MISCcybozu*-- mailwiseCross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0559 JVN CONFIRMcybozu*-- mailwise *Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0558 JVN CONFIRMcybozu*-- mailwise *Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0557 JVN CONFIRMcybozu*-- officeCybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0529 JVN CONFIRMcybozu*-- officeCross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0527 JVN CONFIRMcybozu*-- officeCross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0565 JVN 
CONFIRMcybozu*-- officeCybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0566 JVN CONFIRMcybozu*-- officeCybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0567 JVN CONFIRMcybozu*-- officeCybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0528 JVN CONFIRMcybozu*-- office *Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0526 JVN CONFIRMdell -- emc_idrac_service_module *Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.2018-06-26not yet calculatedCVE-2018-11053 MISC BIDdelta_electronics -- delta_industrial_automation_commgr *Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. 
This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.2018-06-26not yet calculatedCVE-2018-10594 BID MISCdenx -- u-boot *U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.2018-06-26not yet calculatedCVE-2018-1000205 MISC MISCdigisol -- dg-br4000ng_devicesDIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.2018-06-24not yet calculatedCVE-2018-12706 MISC EXPLOIT-DBdigisol -- dg-br4000ng_devices *DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).2018-06-24not yet calculatedCVE-2018-12705 MISC EXPLOIT-DBeasycms -- easycms *EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.2018-06-29not yet calculatedCVE-2018-12971 MISCeclipse -- jetty_server *In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. 
If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.2018-06-27not yet calculatedCVE-2018-12536 SECTRACK CONFIRMeclipse -- jetty *In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.2018-06-22not yet calculatedCVE-2018-12538 SECTRACK CONFIRMeclipse*-- jettyIn Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.2018-06-26not yet calculatedCVE-2017-7657 SECTRACK CONFIRMeclipse*-- jetty_serverIn Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. 
If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.2018-06-26not yet calculatedCVE-2017-7658 SECTRACK CONFIRMeclipse*-- jetty *In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.2018-06-26not yet calculatedCVE-2017-7656 SECTRACK CONFIRMelectro_industries/gaugetech -- nexus_devices *Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI.2018-06-28not yet calculatedCVE-2018-12921 MISCemerson_liebert -- intellislot_web_card_devices *Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI.2018-06-28not yet calculatedCVE-2018-12922 MISCethereum -- bitasean_token *The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.2018-06-25not yet calculatedCVE-2018-12084 MISCethereum -- block_18 *The approveAndCallcode function of a smart contract implementation for Block 18 (18T), an tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances 
into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability."2018-06-25not yet calculatedCVE-2018-12703 MISC MISCethereum -- fujinto_token *The mintToken function of a smart contract implementation for Fujinto (NTO), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.2018-06-25not yet calculatedCVE-2018-12082 MISCethereum -- globalvillage_ecosystem_token *The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability."2018-06-25not yet calculatedCVE-2018-12702 MISC MISCethereum -- goal_bonanza_token *The mintToken function of a smart contract implementation for GOAL Bonanza (GOAL), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.2018-06-25not yet calculatedCVE-2018-12083 MISCethereum -- gold_reward_token *The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the buyer because of overflow of the multiplication of its argument amount and a manipulable variable buyPrice, aka the "tradeTrap" issue.2018-06-25not yet calculatedCVE-2018-11446 MISCethereum -- internet_node_tokenThe mintToken function of a smart contract 
implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.2018-06-25not yet calculatedCVE-2018-12080 MISCethereum -- internet_node_token *The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.2018-06-25not yet calculatedCVE-2018-12063 MISCethereum -- polyai_token *The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.2018-06-25not yet calculatedCVE-2018-12078 MISCethereum -- sec_token *The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.2018-06-25not yet calculatedCVE-2018-12070 MISCethereum -- substratum_token *The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.2018-06-25not yet calculatedCVE-2018-12067 MISCethereum -- substraum_token *The mintToken function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, has no period constraint, which allows the 
owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.2018-06-25not yet calculatedCVE-2018-12079 MISCethereum -- swftcoin_token *The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.2018-06-25not yet calculatedCVE-2018-12062 MISCethereum -- target_coin_tokenThe mintToken function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.2018-06-25not yet calculatedCVE-2018-12081 MISCethereum -- target_coin_token *The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.2018-06-25not yet calculatedCVE-2018-12068 MISCexempi -- exempi *The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.2018-06-22not yet calculatedCVE-2018-12648 MISCf5 -- big-ipOn BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. 
As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion. | 2018-06-27 | not yet calculated | CVE-2018-5527 SECTRACK CONFIRM
f5 -- big-ip | Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7. | 2018-06-27 | not yet calculated | CVE-2018-5528 SECTRACK CONFIRM
flir -- brickstream_2300_devices | Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI. | 2018-06-28 | not yet calculated | CVE-2018-12920 MISC
fortinet -- fortimanager | An improper access control vulnerability in Fortinet FortiManager 6.0.0 and below versions, FortiAnalyzer 6.0.0 and below versions allows a regular user to edit the avatar picture of other users with arbitrary content. | 2018-06-27 | not yet calculated | CVE-2018-1354 BID SECTRACK SECTRACK CONFIRM
fortinet -- fortimanager | An open redirect vulnerability in Fortinet FortiManager 6.0.0 and below versions, FortiAnalyzer 6.0.0 and below versions allows an attacker to inject script code during converting an HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. | 2018-06-27 | not yet calculated | CVE-2018-1355 BID SECTRACK SECTRACK CONFIRM
fortinet -- fortimanager | A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and below versions allows an attacker to execute HTML/javascript code via managed remote devices' CLI commands by viewing the remote device CLI config installation log. | 2018-06-28 | not yet calculated | CVE-2018-1351 BID SECTRACK CONFIRM
froxlor -- froxlor | Froxlor version Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions.
This attack appears to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15. | 2018-06-26 | not yet calculated | CVE-2018-1000502 MISC MISC
netapp -- oncommand_unified_manager_for_7-mode | NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface. | 2018-06-22 | not yet calculated | CVE-2017-7568 BID CONFIRM
northern_electric_and_power -- inverter_devices | Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI. | 2018-06-28 | not yet calculated | CVE-2018-12927 MISC
nov/json-jwt -- nov/json-jwt | Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge an authentication tag. This attack appears to be exploitable via network connectivity.
This vulnerability appears to have been fixed in 1.9.4 and later. | 2018-06-26 | not yet calculated | CVE-2018-1000539 MISC
nsmaomao/mao10cms -- nsmaomao/mao10cms | mao10cms 6 allows XSS via the m=bbs&a=index page. | 2018-06-23 | not yet calculated | CVE-2018-12695 MISC
nsmaomao/mao10cms -- nsmaomao/mao10cms | mao10cms 6 allows XSS via the article page. | 2018-06-23 | not yet calculated | CVE-2018-12696 MISC
ntt-cert -- flets_virus_clear | Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2018-06-26 | not yet calculated | CVE-2018-0563 JVN MISC MISC
nucom -- wr644gacv_devices | NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device. | 2018-06-25 | not yet calculated | CVE-2018-8755 MISC
ocs_inventory_ng -- ocs_inventory_ng | OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appears to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1. | 2018-06-26 | not yet calculated | CVE-2018-1000558 MISC MISC
ocs_inventory_ng -- ocs_inventory_ng | OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victim's browser. This attack appears to be exploitable via Victim must open a crafted link to the application.
This vulnerability appears to have been fixed in ocsreports 2.4.1. | 2018-06-26 | not yet calculated | CVE-2018-1000557 MISC MISC
octopus -- deploy | In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu. | 2018-06-26 | not yet calculated | CVE-2018-12884 MISC
onefilecms -- onefilecms | onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. | 2018-06-29 | not yet calculated | CVE-2018-12995 MISC
onefilecms -- onefilecms | onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields. | 2018-06-29 | not yet calculated | CVE-2018-12993 MISC
onefilecms -- onefilecms | onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. | 2018-06-29 | not yet calculated | CVE-2018-12994 MISC
openpsa -- openpsa | Openpsa contains an XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appears to be exploitable via Specially crafted XML file. This vulnerability appears to have been fixed in after commit 4974a26. | 2018-06-26 | not yet calculated | CVE-2018-1000526 MISC MISC
openpsa -- openpsa | openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appears to be exploitable via Specially crafted GET request variable containing serialised PHP object.
This vulnerability appears to have been fixed in after commit 097eae0. | 2018-06-26 | not yet calculated | CVE-2018-1000525 MISC MISC
openslp -- openslp | slpd_process.c in OpenSLP 2.0.0 has a double free resulting in denial of service (daemon crash) or possibly unauthenticated remote code execution. | 2018-06-28 | not yet calculated | CVE-2018-12938 BID BID MISC
opentsdb -- opentsdb | An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI. | 2018-06-29 | not yet calculated | CVE-2018-12973 MISC
opentsdb -- opentsdb | An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input. | 2018-06-29 | not yet calculated | CVE-2018-12972 MISC
opentsdb -- opentsdb | An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI. | 2018-06-29 | not yet calculated | CVE-2018-13003 MISC
oswetto/loboevolution -- oswetto/loboevolution | LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains an XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appears to be exploitable via Specially crafted XML file. | 2018-06-26 | not yet calculated | CVE-2018-1000540 MISC
ovirt -- engine | ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext.
Sharing the provisioning log might inadvertently leak database passwords. | 2018-06-26 | not yet calculated | CVE-2018-1072 REDHAT CONFIRM
owen -- 5000_trillion_yen_converter_chrome_extension | Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0612 JVN MISC
perl -- perl | perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter. | 2018-06-29 | not yet calculated | CVE-2018-10860 CONFIRM
pharos_controls -- pharos_controls_devices | Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI. | 2018-06-28 | not yet calculated | CVE-2018-12926 MISC
php -- php | exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. | 2018-06-25 | not yet calculated | CVE-2018-12882 BID CONFIRM
phpldapadmin -- phpldapadmin | phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel. | 2018-06-22 | not yet calculated | CVE-2018-12689 EXPLOIT-DB
pivotal -- operations_manager | Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lack security vulnerability patches.
An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager. | 2018-06-25 | not yet calculated | CVE-2018-11046 BID CONFIRM
pivotal -- spring | Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. | 2018-06-25 | not yet calculated | CVE-2018-11040 CONFIRM
pivotal -- spring | Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. | 2018-06-25 | not yet calculated | CVE-2018-11039 CONFIRM
pixar -- renderman | A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened. | 2018-06-26 | not yet calculated | CVE-2018-3840 MISC
pixar -- renderman | A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69).
The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened. | 2018-06-26 | not yet calculated | CVE-2018-3841 MISC
pixelpost -- pixelpost | Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0605 JVN
pixelpost -- pixelpost | SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0606 JVN
pixelpost -- pixelpost | Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0604 JVN
podofo -- podofo | A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. | 2018-06-29 | not yet calculated | CVE-2018-12983 MISC
podofo -- podofo | Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. | 2018-06-29 | not yet calculated | CVE-2018-12982 MISC
polaris -- office | Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory. | 2018-06-28 | not yet calculated | CVE-2018-12589 MISC
portainer -- portainer | Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct
SSRF attacks. | 2018-06-22 | not yet calculated | CVE-2018-12678 CONFIRM CONFIRM
qutebrowser -- qutebrowser | qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appears to be exploitable via the victim must open a page with a specially crafted attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week). | 2018-06-26 | not yet calculated | CVE-2018-1000559 MISC MISC MISC
raydac/netbeans-mmd-plugin -- raydac/netbeans-mmd-plugin | netbeans-mmd-plugin version cbBitsSrc value. | 2018-06-28 | not yet calculated | CVE-2018-12932 MISC MISC MISC MISC MISC
wine -- wine | PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index. | 2018-06-28 | not yet calculated | CVE-2018-12933 MISC MISC MISC MISC MISC
wordpress -- wordpress | WP Image Zoom version 1.23 contains an Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of service. This attack appears to be exploitable via Can be triggered intentionally (or unintentionally via CSRF) by any logged in user. This vulnerability appears to have been fixed in 1.24. | 2018-06-26 | not yet calculated | CVE-2018-1000510 MISC
wordpress -- wordpress | Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This attack appears to be exploitable via Admin must follow a link.
This vulnerability appears to have been fixed in 5.1. | 2018-06-26 | not yet calculated | CVE-2018-1000512 MISC
wordpress -- wordpress | Metronet Tag Manager version 1.2.7 contains a Cross Site Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appears to be exploitable via Logged in user must follow a link. This vulnerability appears to have been fixed in 1.2.9. | 2018-06-26 | not yet calculated | CVE-2018-1000506 MISC
wordpress -- wordpress | Tooltipy (tooltips for WP) version 5 contains a Cross Site Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appears to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1. | 2018-06-26 | not yet calculated | CVE-2018-1000505 MISC
wordpress -- wordpress | Redirection version 2.7.3 contains an ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appears to be exploitable via Attacker must have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8. | 2018-06-26 | not yet calculated | CVE-2018-1000504 MISC
wordpress -- wordpress | WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen that can result in allows unauthorised users to do almost anything an admin can. This attack appears to be exploitable via Admin must visit logs page. This vulnerability appears to have been fixed in 3.2. | 2018-06-26 | not yet calculated | CVE-2018-1000508 MISC
wordpress -- wordpress | WP User Groups version 2.0.0 contains a Cross Site Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appears to be exploitable via Admin must click on link.
This vulnerability appears to have been fixed in 2.1.1. | 2018-06-26 | not yet calculated | CVE-2018-1000507 MISC
wordpress -- wordpress | WP ULike version 2.8.1, 3.1 contains an Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appears to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2. | 2018-06-26 | not yet calculated | CVE-2018-1000511 MISC
wordpress -- wordpress | Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appears to be exploitable via Attacker must have access to admin account. This vulnerability appears to have been fixed in 2.8. | 2018-06-26 | not yet calculated | CVE-2018-1000509 MISC
wordpress -- wordpress | WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appears to be exploitable via an attacker must craft an URL with payload and send to the user. Victim needs to open the link to be affected by reflected XSS. | 2018-06-26 | not yet calculated | CVE-2018-1000556 MISC
wordpress -- wordpress | WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles.
The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges. | 2018-06-26 | not yet calculated | CVE-2018-12895 BID MISC
wordpress -- wordpress | The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. | 2018-06-22 | not yet calculated | CVE-2018-12636 CONFIRM EXPLOIT-DB
wordpress -- wordpress | Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0602 JVN MISC
wordpress -- wordpress | Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-06-26 | not yet calculated | CVE-2018-0603 JVN MISC MISC
wordpress -- wordpress | In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site. | 2018-06-26 | not yet calculated | CVE-2018-12902 MISC
wstmall -- wstmall | WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. | 2018-06-29 | not yet calculated | CVE-2018-13010 MISC
yaml/pyyaml -- yaml/pyyaml | In PyYAML before 4.1, the yaml.load() API could execute arbitrary code.
In other words, yaml.safe_load is not used. | 2018-06-27 | not yet calculated | CVE-2017-18342 MISC MISC
yxcms -- yxcms | protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. | 2018-06-29 | not yet calculated | CVE-2018-13025 MISC
zenphoto -- zenphoto | Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information. | 2018-06-26 | not yet calculated | CVE-2018-0610 JVN MISC
zoho -- manageengine | A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13780) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do. | 2018-06-29 | not yet calculated | CVE-2018-12996 MISC
zoho -- manageengine | Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. | 2018-06-29 | not yet calculated | CVE-2018-12997 MISC
zoho -- manageengine | A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. | 2018-06-29 | not yet calculated | CVE-2018-12998 MISC
zoho -- manageengine | Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255
allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. | 2018-06-29 | not yet calculated | CVE-2018-12999