U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB19-084)

Vulnerability Summary for the Week of March 18, 2019

Original release date: March 25, 2019 | Last revised: March 26, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
airmore -- airmoreThe AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests.2019-03-157.8CVE-2019-9831
EXPLOIT-DB
MISC
capmon -- access_managerAn issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORITY\SYSTEM" access to unprivileged users via the --system option.2019-03-157.2CVE-2018-18252
MISC
capmon -- access_managerAn issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate with this server through named pipes. A user can initiate communication with the server by creating a named pipe and sending commands to achieve elevated privileges.2019-03-157.2CVE-2018-18255
MISC
capmon -- access_managerAn issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local administrator privileges if they run any whitelisted application through the Custom App Launcher.2019-03-157.2CVE-2018-18256
MISC
caret -- caretCaret before 2019-02-22 allows Remote Code Execution.2019-03-227.5CVE-2019-9927
MISC
designchemical -- social_network_tabsThe Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover.2019-03-217.5CVE-2018-20555
MISC
ens -- webgalambsubscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header.2019-03-217.5CVE-2018-19510
MISC
MISC
ens -- webgalambIn Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory.2019-03-219.0CVE-2018-19512
MISC
MISC
ens -- webgalambIn Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval() expression in the subscriber.php file.2019-03-217.5CVE-2018-19514
MISC
MISC
ens -- webgalambIn Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users.2019-03-217.5CVE-2018-19515
MISC
MISC
five9 -- agent_desktop_plusFive9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).2019-03-177.5CVE-2018-15509
MISC
hidglobal -- easylobby_soloEasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing "esc" to exit the program, an attacker could exploit this vulnerability to perform unauthorized actions on the computer.2019-03-217.2CVE-2018-17491
XF
kioware -- kioware_serverKioWare Server 4.9.6 allows local users to gain privileges by replacing \kioware_com\KWSS.exe with a Trojan horse program, because \kioware_com has "Everyone: (F)" permissions.2019-03-217.2CVE-2018-18435
MISC
EXPLOIT-DB
openmrs -- openmrsOpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.2019-03-2110.0CVE-2018-19276
MISC
EXPLOIT-DB
opensuse -- yast2-printerIn yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast.2019-03-159.3CVE-2018-20106
CONFIRM
portier -- portierAn issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number.2019-03-217.5CVE-2019-5722
MISC
BUGTRAQ
EXPLOIT-DB
MISC
putty -- puttyIn PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.2019-03-217.5CVE-2019-9895
MISC
putty -- puttyPotential recycling of random numbers used in cryptography exists within PuTTY before 0.71.2019-03-217.5CVE-2019-9898
BID
MISC
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.2019-03-157.5CVE-2018-20177
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIAN
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.2019-03-157.5CVE-2018-20179
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIAN
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.2019-03-157.5CVE-2018-20180
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIAN
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.2019-03-157.5CVE-2018-20181
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIAN
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.2019-03-157.5CVE-2018-20182
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIAN
roxyfileman -- roxy_filemanRoxy Fileman 1.4.5 allows unrestricted file upload in upload.php.2019-03-217.5CVE-2018-20526
MISC
EXPLOIT-DB
school_attendance_monitoring_system_project -- school_attendance_monitoring_systemSchool Attendance Monitoring System 1.0 has SQL Injection via user/controller.php?action=edit.2019-03-217.5CVE-2018-18798
MISC
EXPLOIT-DB
solarwinds -- serv-u_ftp_serverSolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.2019-03-219.0CVE-2018-15906
MISC
MISC
MISC
thresholdsecurity -- evisitorpasseVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system.2019-03-217.2CVE-2018-17493
XF
thresholdsecurity -- evisitorpasseVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system.2019-03-217.2CVE-2018-17494
XF
thresholdsecurity -- evisitorpasseVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt.2019-03-217.2CVE-2018-17495
XF
thresholdsecurity -- evisitorpasseVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system.2019-03-217.2CVE-2018-17496
XF
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
abantecart -- abantecartAbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring.2019-03-214.3CVE-2018-20141
MISC
MISC
MISC
advance_b2b_script_project -- advance_b2b_scriptPHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.2019-03-216.8CVE-2018-20633
MISC
advance_b2b_script_project -- advance_b2b_scriptPHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field.2019-03-214.0CVE-2018-20634
MISC
advance_b2b_script_project -- advance_b2b_scriptPHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.2019-03-214.0CVE-2018-20635
MISC
airdrop_project -- airdropThe AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port.2019-03-155.0CVE-2019-9832
EXPLOIT-DB
MISC
airties -- air_5341_firmwareAirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.2019-03-216.8CVE-2019-6967
MISC
MISC
MISC
EXPLOIT-DB
artifex -- ghostscriptIn Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.2019-03-216.8CVE-2019-6116
CONFIRM
CONFIRM
MISC
MLIST
MLIST
BID
REDHAT
MISC
CONFIRM
MLIST
FEDORA
FEDORA
UBUNTU
DEBIAN
EXPLOIT-DB
bestpractical -- request_trackerThe email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.2019-03-215.0CVE-2018-18898
CONFIRM
FEDORA
FEDORA
booking_calendar_project -- booking_calendarSQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter.2019-03-216.5CVE-2018-20556
MISC
EXPLOIT-DB
bose -- soundtouchAn issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app.2019-03-214.3CVE-2018-12638
MISC
MISC
broadcastboxes -- scion-8_firmwareCircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.2019-03-155.0CVE-2019-5616
MISC
capmon -- access_managerAn issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the command crashes, and there is also a race condition in all cases.2019-03-156.9CVE-2018-18253
MISC
capmon -- access_managerAn issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname.2019-03-154.6CVE-2018-18254
MISC
car_rental_script_project -- car_rental_scriptPHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.2019-03-216.8CVE-2018-20648
MISC
colossusxt -- colossuscoinxtColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.2019-03-215.0CVE-2018-19158
MISC
CONFIRM
MISC
coyoapp -- coyoCOYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs used by "iFrame" widgets.2019-03-214.3CVE-2018-16519
MISC
MISC
MISC
CONFIRM
cryptobots -- battletokenAn Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.2019-03-155.0CVE-2018-17882
MISC
MISC
deltek -- ajeraSecure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the IIS Application Pool that is running the application.2019-03-216.5CVE-2018-20221
MISC
MISC
dnnsoftware -- dotnetnukeDNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.2019-03-214.3CVE-2018-14486
MISC
MISC
dropbear_ssh_project -- dropbear_sshIt was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.2019-03-215.0CVE-2017-2659
CONFIRM
MISC
ens -- webgalambwg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS.2019-03-214.3CVE-2018-19509
MISC
MISC
ens -- webgalambwg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password.2019-03-214.3CVE-2018-19511
MISC
MISC
ens -- webgalambIn Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors.2019-03-215.0CVE-2018-19513
MISC
MISC
fasterxml -- jackson-databindAn issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.2019-03-215.1CVE-2018-12022
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
MISC
fasterxml -- jackson-databindAn issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.2019-03-215.1CVE-2018-12023
MISC
MISC
MISC
MISC
MISC
CONFIRM
CONFIRM
fedoraproject -- fedoraMatrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.2019-03-215.0CVE-2019-5885
CONFIRM
CONFIRM
CONFIRM
CONFIRM
five9 -- agent_desktop_plusFive9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing a remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone(issue 1 of 2).2019-03-215.0CVE-2018-15508
MISC
foxitsoftware -- phantompdfThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA remerge method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7347.2019-03-216.8CVE-2019-6727
MISC
MISC
foxitsoftware -- phantompdfThis vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7353.2019-03-214.3CVE-2019-6728
MISC
MISC
foxitsoftware -- phantompdfThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7423.2019-03-216.8CVE-2019-6729
MISC
MISC
foxitsoftware -- phantompdfThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the popUpMenu method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7368.2019-03-216.8CVE-2019-6730
MISC
MISC
foxitsoftware -- phantompdfThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7369.2019-03-216.8CVE-2019-6731
MISC
MISC
foxitsoftware -- phantompdfThis vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFParseDateEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7453.2019-03-214.3CVE-2019-6732
MISC
MISC
foxitsoftware -- phantompdfThis vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7576.2019-03-214.3CVE-2019-6733
MISC
MISC
foxitsoftware -- phantompdfThis vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7452.2019-03-214.3CVE-2019-6734
MISC
MISC
foxitsoftware -- phantompdfThis vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7355.2019-03-214.3CVE-2019-6735
MISC
MISC
fujitsu -- gk900_firmwareThe receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption.2019-03-155.8CVE-2019-9835
BID
MISC
get-simple. -- getsimplecmsGetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.2019-03-215.8CVE-2019-9915
MISC
MISC
haproxy -- haproxyAn out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.2019-03-215.0CVE-2018-20615
MLIST
BID
REDHAT
UBUNTU
MLIST
ibm -- infosphere_streamsIBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632.2019-03-214.3CVE-2017-1713
CONFIRM
XF
image_sharing_script_project -- image_sharing_scriptPHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar.2019-03-215.0CVE-2019-7430
MISC
image_sharing_script_project -- image_sharing_scriptPHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory.2019-03-214.0CVE-2019-7431
MISC
jollytech -- lobby_trackLobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and signing in as a visitor, an attacker could exploit this vulnerability using the command line to break out of kiosk mode.2019-03-214.6CVE-2018-17487
XF
jollytech -- lobby_trackLobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and accessing the print badge screen, an attacker could exploit this vulnerability using the command line to break out of kiosk mode.2019-03-214.6CVE-2018-17488
XF
layerbb -- layerbbLayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.2019-03-215.8CVE-2018-17996
MISC
MISC
MISC
EXPLOIT-DB
layerbb -- layerbbLayerBB 1.1.1 allows XSS via the titles of conversations (PMs).2019-03-214.3CVE-2018-17997
MISC
CONFIRM
EXPLOIT-DB
macpaw -- cleanmymac_xAn exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.2019-03-216.6CVE-2019-5011
MISC
microweber -- microweberMicroweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.2019-03-214.3CVE-2018-19917
MISC
MISC
MISC
MISC
moodle -- moodleMoodle 3.5.x before 3.5.4 allows SSRF.2019-03-216.0CVE-2019-6970
MISC
my-netdata -- netdataThe Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user.2019-03-154.3CVE-2019-9834
EXPLOIT-DB
MISC
opentext -- documentum_webtopXSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable.2019-03-214.3CVE-2019-7416
MISC
FULLDISC
MISC
phamm -- phammPhamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).2019-03-174.3CVE-2018-20806
MISC
podcastgenerator -- podcast_generatorPodcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter.2019-03-214.3CVE-2018-20121
MISC
MISC
MISC
MISC
portier -- portierAn issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the application can be easily decrypted.2019-03-215.0CVE-2019-5723
MISC
BUGTRAQ
MISC
property_rental_software_project -- property_rental_softwarePHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory.2019-03-214.0CVE-2019-7429
MISC
putty -- puttyA remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.2019-03-216.4CVE-2019-9894
MISC
putty -- puttyIn PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.2019-03-214.6CVE-2019-9896
MISC
putty -- puttyMultiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.2019-03-215.0CVE-2019-9897
MISC
qemu -- qemuIn QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.2019-03-214.6CVE-2019-6778
SUSE
MISC
BID
FEDORA
MISC
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.2019-03-155.0CVE-2018-20174
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIAN
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).2019-03-155.0CVE-2018-20175
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIAN
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault).2019-03-155.0CVE-2018-20176
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIAN
rdesktop -- rdesktoprdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).2019-03-155.0CVE-2018-20178
BID
MISC
MLIST
CONFIRM
GENTOO
DEBIAN
rental_bike_script_project -- rental_bike_scriptPHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.2019-03-216.8CVE-2019-7433
MISC
rental_bike_script_project -- rental_bike_scriptPHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory.2019-03-214.0CVE-2019-7434
MISC
reputeinfosystems -- repute_arformsAn issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php.2019-03-216.4CVE-2018-15818
MISC
MISC
roxyfileman -- roxy_filemanRoxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.2019-03-215.0CVE-2018-20525
MISC
EXPLOIT-DB
s-cms -- s-cmsS-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.2019-03-224.3CVE-2019-9925
MISC
saltos -- saltosSaltOS 3.1 r8126 allows CSRF.2019-03-214.3CVE-2018-18762
MISC
EXPLOIT-DB
screen_stream_project -- screen_streamThe Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop requests.2019-03-155.0CVE-2019-9833
EXPLOIT-DB
simplenia -- pagesThe Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS.2019-03-214.3CVE-2018-19498
MISC
MISC
MISC
top-vision -- cc8800ce_firmwareTopvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie.2019-03-155.0CVE-2018-18205
MISC
MISC
twiki -- twikibin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.2019-03-214.3CVE-2018-20212
MISC
MISC
MISC
wowza -- streaming_engineThe REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.2019-03-215.0CVE-2018-19365
MISC
zenphoto -- zenphotoZenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters.2019-03-214.3CVE-2018-20140
MISC
MISC
MISC
MISC
MISC
zohocorp -- manageengine_netflow_analyzerXSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter.2019-03-214.3CVE-2019-7422
MISC
FULLDISC
MISC
zohocorp -- manageengine_netflow_analyzerXSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter.2019-03-214.3CVE-2019-7423
MISC
FULLDISC
MISC
zohocorp -- manageengine_netflow_analyzerXSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903.2019-03-214.3CVE-2019-7424
MISC
FULLDISC
MISC
zohocorp -- manageengine_netflow_analyzerXSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter.2019-03-214.3CVE-2019-7425
MISC
FULLDISC
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
advance_b2b_script_project -- advance_b2b_scriptPHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field.2019-03-213.5CVE-2018-20632
MISC
avast -- free_antivirusAvast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.2019-03-212.1CVE-2018-12572
MISC
envoy -- passportEnvoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information.2019-03-212.1CVE-2018-17499
XF
hidglobal -- easylobby_soloEasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.2019-03-212.1CVE-2018-17489
XF
hidglobal -- easylobby_soloEasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will.2019-03-213.6CVE-2018-17490
XF
hidglobal -- easylobby_soloEasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.2019-03-212.1CVE-2018-17492
XF
jollytech -- lobby_trackLobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports, an attacker could exploit this vulnerability to gain access to all visitor records and obtain sensitive information.2019-03-212.1CVE-2018-17482
XF
jollytech -- lobby_trackLobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's license column, an attacker could exploit this vulnerability to view the driver's license number and other personal information.2019-03-212.1CVE-2018-17483
XF
jollytech -- lobby_trackLobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Sample Database.mdb database while in kiosk mode. By using attack vectors outlined in kiosk breakout, an attacker could exploit this vulnerability to view and edit the database.2019-03-213.6CVE-2018-17484
XF
jollytech -- lobby_trackLobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.2019-03-212.1CVE-2018-17485
XF
jollytech -- lobby_trackLobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host.2019-03-213.6CVE-2018-17486
XF
opensuse -- yast2-samba-provisionIn yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list2019-03-152.1CVE-2018-17956
CONFIRM
qemu -- qemuIn Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.2019-03-212.1CVE-2018-18849
SUSE
SUSE
SUSE
MISC
FEDORA
MISC
UBUNTU
securenvoy -- securaccessAn issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone.2019-03-211.9CVE-2018-18466
MISC
thresholdsecurity -- evisitorpasseVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.2019-03-212.1CVE-2018-17497
XF
webmin -- webminWebmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter.2019-03-213.5CVE-2018-19191
MISC
CONFIRM
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- hadoop
 
In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms.2019-03-21not yet calculatedCVE-2018-11767
MLIST
MLIST
MLIST
apache -- heron
 
When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.2019-03-21not yet calculatedCVE-2018-11789
BID
MLIST
apache -- karaf
 
Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with ".." directory names and break out of the directories to write arbitrary content to the filesystem. This is the "Zip-slip" vulnerability - https://snyk.io/research/zip-slip-vulnerability. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf releases prior 4.2.3 is impacted.2019-03-21not yet calculatedCVE-2019-0191
BID
MLIST
audiocodes -- ip_phone_420hd_devices
 
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.2019-03-21not yet calculatedCVE-2018-10093
MISC
MISC
MISC
audiocodes -- ip_phone_420hd_devices
 
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.2019-03-21not yet calculatedCVE-2018-10091
MISC
MISC
barracuda -- vpn_clientThe barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.2019-03-21not yet calculatedCVE-2019-6724
CONFIRM
MISC
CONFIRM
bash -- bash
 
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.2019-03-22not yet calculatedCVE-2019-9924
MISC
MISC
blackberry -- athoc
 
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field.2019-03-21not yet calculatedCVE-2019-8997
MISC
blogengine.net -- blogengine.net
 
An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user.2019-03-21not yet calculatedCVE-2019-6714
MISC
MISC
MISC
EXPLOIT-DB
bmc -- remedy_mid-tier
 
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/.2019-03-21not yet calculatedCVE-2018-18862
MISC
MISC
CONFIRM
chinamobile -- plc_wireless_routerChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.2019-03-21not yet calculatedCVE-2019-6282
MISC
MISC
EXPLOIT-DB
MISC
chinamobile -- plc_wireless_router
 
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.2019-03-21not yet calculatedCVE-2019-6279
MISC
MISC
EXPLOIT-DB
MISC
cisco -- ip_phone_7800_series_and_ip_phone_8800_series
 
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series.2019-03-22not yet calculatedCVE-2019-1716
CISCO
cisco -- ip_phone_8800_seriesA vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 12.5(1)SR1.2019-03-22not yet calculatedCVE-2019-1766
CISCO
cisco -- ip_phone_8800_seriesA vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series.2019-03-22not yet calculatedCVE-2019-1765
CISCO
cisco -- ip_phone_8800_series
 
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.2019-03-22not yet calculatedCVE-2019-1763
CISCO
cisco -- ip_phone_8800_series
 
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.2019-03-22not yet calculatedCVE-2019-1764
CISCO
ckeditor -- ckeditor
 
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements.2019-03-21not yet calculatedCVE-2019-9870
MISC
MISC
controlbyweb -- x-320m-i_web-enabled instrumentation-grade_data_acquisition_moduleA stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface.2019-03-21not yet calculatedCVE-2018-18882
BID
MISC
controlbyweb -- x-320m-i_web-enabled instrumentation-grade_data_acquisition_module
 
A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state.2019-03-21not yet calculatedCVE-2018-18881
BID
MISC
core_ftp -- core_ftpAn issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date.2019-03-22not yet calculatedCVE-2019-9649
CONFIRM
BID
FULLDISC
EXPLOIT-DB
core_ftp -- core_ftp
 
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.2019-03-22not yet calculatedCVE-2019-9648
CONFIRM
BID
FULLDISC
EXPLOIT-DB
coturn -- coturn
 
An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server.2019-03-21not yet calculatedCVE-2018-4059
MISC
coturn -- coturn
 
An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.2019-03-21not yet calculatedCVE-2018-4058
MISC
cujo -- smart_firewall
 
An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.2019-03-21not yet calculatedCVE-2018-3985
MISC
cujo -- smart_firewall
 
An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.2019-03-21not yet calculatedCVE-2018-4003
MISC
cujo -- smart_firewall
 
An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry.2019-03-21not yet calculatedCVE-2018-3963
MISC
cujo -- smart_firewall
 
An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.2019-03-21not yet calculatedCVE-2018-4011
MISC
cujo -- smart_firewall
 
An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any malicious websites and bypass the firewall. An attacker could send an HTTP request to exploit this vulnerability.2019-03-21not yet calculatedCVE-2018-4030
MISC
cujo -- smart_firewall
 
An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerability, a local attacker needs to be able to write into /config/dhcpd.conf.2019-03-21not yet calculatedCVE-2018-3969
MISC
denx -- das_u-boot
 
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.2019-03-21not yet calculatedCVE-2018-3968
MISC
digi -- transport_lr54
 
Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.2019-03-21not yet calculatedCVE-2018-20162
MISC
MISC
MISC
donfig -- donfigAn issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution.2019-03-21not yet calculatedCVE-2019-7537
MISC
MISC
doorkeeper -- openidconnect
 
Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.2019-03-21not yet calculatedCVE-2019-9837
MISC
MISC
MISC
envoy -- passport_for_android_and_passport_for_iphone
 
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.2019-03-21not yet calculatedCVE-2018-17500
XF
ericsson -- active_library_explorer
 
XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter.2019-03-21not yet calculatedCVE-2019-7417
MISC
FULLDISC
MISC
fatek -- automation_pm_designer_and_automation_fv_designer
 
A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0.2019-03-21not yet calculatedCVE-2016-5800
MISC
flexera_software -- flexnet_publisherA Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.2019-03-21not yet calculatedCVE-2018-20034
CONFIRM
flexera_software -- flexnet_publisherA Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.2019-03-21not yet calculatedCVE-2018-20032
CONFIRM
flexera_software -- flexnet_publisher
 
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.2019-03-21not yet calculatedCVE-2018-20031
CONFIRM
gl.inet -- gl-ar300m-lite_devicesCommand injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.2019-03-21not yet calculatedCVE-2019-6275
MISC
EXPLOIT-DB
gl.inet -- gl-ar300m-lite_devicesDirectory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences.2019-03-21not yet calculatedCVE-2019-6274
MISC
EXPLOIT-DB
gl.inet -- gl-ar300m-lite_devicesdownload_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files.2019-03-21not yet calculatedCVE-2019-6273
MISC
EXPLOIT-DB
gl.inet -- gl-ar300m-lite_devices
 
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.2019-03-21not yet calculatedCVE-2019-6272
MISC
EXPLOIT-DB
gnu -- tar
 
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.2019-03-22not yet calculatedCVE-2019-9923
MISC
MISC
MISC
graphviz -- graphviz
 
An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.2019-03-21not yet calculatedCVE-2019-9904
MISC
MISC
heimdal_security -- thor_agent
 
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.2019-03-21not yet calculatedCVE-2019-8351
MISC
hms_industrial_networks -- netbiter_ws100_devices
 
HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form.2019-03-21not yet calculatedCVE-2018-19694
MISC
MISC
CONFIRM
MISC
hospira -- symbiq_infusion_system
 
Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.2019-03-23not yet calculatedCVE-2015-3965
MISC
hostapd -- hostapd
 
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.2019-03-23not yet calculatedCVE-2016-10743
MISC
humhub -- humhubA Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS.2019-03-21not yet calculatedCVE-2019-9094
MISC
humhub -- humhub
 
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS.2019-03-21not yet calculatedCVE-2019-9093
MISC
ibm -- api_connect
 
IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544.2019-03-22not yet calculatedCVE-2019-4052
CONFIRM
XF
ibm -- content_navigator
 
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001.2019-03-22not yet calculatedCVE-2019-4035
CONFIRM
XF
ibm -- db2_for_linux_and_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014.2019-03-21not yet calculatedCVE-2019-4094
XF
CONFIRM
ibm -- power_9_systems
 
The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.2019-03-21not yet calculatedCVE-2018-1992
XF
CONFIRM
ibm -- websphere_mq
 
IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150661.2019-03-21not yet calculatedCVE-2018-1836
BID
XF
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.2019-03-23not yet calculatedCVE-2019-9956
BID
MISC
insteon -- hub
 
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request At 0x9d014dd8 the value for the id key is copied using strcpy to the buffer at $sp+0x290. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2019-03-21not yet calculatedCVE-2017-16253
MISC
insteon -- hub
 
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at At 0x9d014e84 the value for the cmd1 key is copied using strcpy to the buffer at $sp+0x280. This buffer is 16 bytes large.2019-03-21not yet calculatedCVE-2017-16255
MISC
insteon -- hub
 
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.2019-03-21not yet calculatedCVE-2017-16254
MISC
invoiceplane -- invoiceplane
 
InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CVE-2018-12255.2019-03-21not yet calculatedCVE-2019-7223
MISC
iobit -- smart_defrag
 
SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool.2019-03-21not yet calculatedCVE-2019-6492
MISC
ipycache -- ipycacheA code injection issue was discovered in ipycache through 2016-05-31.2019-03-21not yet calculatedCVE-2019-7539
CONFIRM
jiofi -- 4g_m2s_devicesJioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).2019-03-21not yet calculatedCVE-2019-7440
MISC
kentix -- multisensor-lan_devices
 
Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authentication Bypass via an Alternate Path or Channel.2019-03-21not yet calculatedCVE-2018-19783
MISC
MISC
kill-port -- kill-portIf an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.2019-03-21not yet calculatedCVE-2019-5414
MISC
lenovo -- dynamic_power_reduction_utility
 
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.2019-03-17not yet calculatedCVE-2019-6149
BID
CONFIRM
libseccomp -- libseccomp
 
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.2019-03-21not yet calculatedCVE-2019-9893
MISC
MISC
libsndfile -- libsndfile
 
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.2019-03-21not yet calculatedCVE-2019-3832
CONFIRM
CONFIRM
CONFIRM
libssh2 -- libssh2An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.2019-03-21not yet calculatedCVE-2019-3858
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC
libssh2 -- libssh2An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.2019-03-21not yet calculatedCVE-2019-3859
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC
libssh2 -- libssh2An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.2019-03-21not yet calculatedCVE-2019-3862
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC
libssh2 -- libssh2
 
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.2019-03-21not yet calculatedCVE-2019-3855
MISC
MLIST
BID
CONFIRM
FEDORA
BUGTRAQ
MISC
limesurvey -- limesurvey
 
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.2019-03-23not yet calculatedCVE-2019-9960
MISC
linux -- kernel
 
In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service.2019-03-21not yet calculatedCVE-2019-9857
BID
MISC
MISC
linux -- kernel
 
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.2019-03-21not yet calculatedCVE-2018-19985
MISC
MISC
MISC
MISC
MISC
linux -- kernel
 
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.2019-03-21not yet calculatedCVE-2018-20669
MISC
MLIST
MLIST
BID
MISC
linux -- kernel
 
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.2019-03-21not yet calculatedCVE-2019-7222
SUSE
MISC
MLIST
BID
CONFIRM
CONFIRM
MISC
FEDORA
FEDORA
linux -- kernel
 
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.2019-03-21not yet calculatedCVE-2019-7221
SUSE
MISC
MISC
CONFIRM
CONFIRM
MISC
FEDORA
FEDORA
localhost-now -- localhost-now
 
A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server.2019-03-21not yet calculatedCVE-2019-5416
MISC
logonbox -- nervepoint_access_manager
 
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request.2019-03-21not yet calculatedCVE-2019-6716
MISC
EXPLOIT-DB
MISC
mailcleaner -- mailcleaner_community_edition
 
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands.2019-03-21not yet calculatedCVE-2018-20323
MISC
MISC
mastercard -- qkr!_with_masterpass
 
The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier.2019-03-21not yet calculatedCVE-2019-6702
MISC
FULLDISC
MISC
MISC
morgan -- morgan
 
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.2019-03-21not yet calculatedCVE-2019-5413
MISC
moxa -- oncell_g3100v2_series_and_oncell g3111/g3151/g3211/g3251_series
 
Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user?s browser within the trust relationship between their browser and the server.2019-03-21not yet calculatedCVE-2016-5819
MISC
moxa -- softcms
 
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.2019-03-21not yet calculatedCVE-2015-6457
MISC
moxa -- softcms
 
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.2019-03-21not yet calculatedCVE-2015-6458
MISC
mybb -- mybb
 
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.2019-03-21not yet calculatedCVE-2018-14724
EXPLOIT-DB
mybb -- mybb
 
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.2019-03-21not yet calculatedCVE-2018-14575
MISC
MISC
MISC
netapp -- service_processor
 
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY.2019-03-21not yet calculatedCVE-2019-5490
CONFIRM
netiq -- edirectory
 
NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security.2019-03-21not yet calculatedCVE-2016-9166
CONFIRM
nokia -- 8810_4g_devices
 
A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code execution on the device.2019-03-21not yet calculatedCVE-2019-7386
MISC
FULLDISC
MISC
MISC
MISC
open-xchange -- ox_app_suite
 
OX App Suite 7.8.4 and earlier allows SSRF.2019-03-21not yet calculatedCVE-2018-13103
MISC
MISC
open-xchange -- ox_app_suite
 
OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)2019-03-21not yet calculatedCVE-2018-13104
MISC
MISC
opentext -- portal
 
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.2019-03-22not yet calculatedCVE-2018-20165
MISC
opera_software -- opera
 
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed.2019-03-21not yet calculatedCVE-2018-18913
CONFIRM
MISC
patlite -- nbm-d88n_and_nhl-3fb1_and_nhl-3fv1n_devices
 
A hidden backdoor on PATLITE NBM-D88N, NHL-3FB1, and NHL-3FV1N devices allows attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system.2019-03-21not yet calculatedCVE-2018-18473
MISC
phpscriptsmall.com -- advance_crowdfunding_scriptPHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.2019-03-21not yet calculatedCVE-2018-20630
MISC
phpscriptsmall.com -- basic_b2b_scriptPHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature.2019-03-21not yet calculatedCVE-2018-20644
MISC
phpscriptsmall.com -- basic_b2b_scriptPHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field.2019-03-21not yet calculatedCVE-2018-20645
MISC
phpscriptsmall.com -- basic_b2b_scriptPHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory.2019-03-21not yet calculatedCVE-2018-20646
MISC
phpscriptsmall.com -- car_rental_scriptPHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory.2019-03-21not yet calculatedCVE-2018-20647
MISC
phpscriptsmall.com -- charity_foundation_scriptPHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.2019-03-21not yet calculatedCVE-2018-20628
MISC
phpscriptsmall.com -- charity_foundation_scriptPHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.2019-03-21not yet calculatedCVE-2018-20629
MISC
phpscriptsmall.com -- chartered_accountantPHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field.2019-03-21not yet calculatedCVE-2018-20637
MISC
phpscriptsmall.com -- chartered_accountantPHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.2019-03-21not yet calculatedCVE-2018-20638
MISC
phpscriptsmall.com -- chartered_accountantPHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field.2019-03-21not yet calculatedCVE-2018-20636
MISC
phpscriptsmall.com -- consumer_reviews_scriptPHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.2019-03-21not yet calculatedCVE-2018-20627
MISC
phpscriptsmall.com -- consumer_reviews_script
 
PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.2019-03-21not yet calculatedCVE-2018-20626
MISC
phpscriptsmall.com -- entrepreneur_job_portal_scriptPHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field.2019-03-21not yet calculatedCVE-2018-20642
MISC
phpscriptsmall.com -- entrepreneur_job_portal_scriptPHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar.2019-03-21not yet calculatedCVE-2018-20639
MISC
phpscriptsmall.com -- entrepreneur_job_portal_scriptPHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.2019-03-21not yet calculatedCVE-2018-20641
MISC
phpscriptsmall.com -- entrepreneur_job_portal_scriptPHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field.2019-03-21not yet calculatedCVE-2018-20640
MISC
phpscriptsmall.com -- entrepreneur_job_portal_scriptPHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.2019-03-21not yet calculatedCVE-2018-20643
MISC
phpscriptsmall.com -- opensource_classified_ads_scriptPHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory.2019-03-21not yet calculatedCVE-2019-7436
MISC
phpscriptsmall.com -- opensource_classified_ads_scriptPHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form.2019-03-21not yet calculatedCVE-2019-7435
MISC
phpscriptsmall.com -- opensource_classified_ads_scriptPHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field.2019-03-21not yet calculatedCVE-2019-7437
MISC
phpscriptsmall.com -- rental_bike_scriptPHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section.2019-03-21not yet calculatedCVE-2019-7432
MISC
phpscriptsmall.com -- website_seller_script
 
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file.2019-03-21not yet calculatedCVE-2018-20631
MISC
plohni -- advanced_comment_system
 
internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued.2019-03-21not yet calculatedCVE-2018-18845
MISC
MISC
poppler -- poppler
 
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.2019-03-21not yet calculatedCVE-2019-9903
MISC
MISC
powerdns -- authoritative_server
 
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response2019-03-21not yet calculatedCVE-2019-3871
MLIST
BID
CONFIRM
MISC
printeron -- enterprise
 
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.2019-03-21not yet calculatedCVE-2018-17167
MISC
puppet -- chloride
 
Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.2019-03-21not yet calculatedCVE-2018-6517
CONFIRM
puppet -- discovery
 
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.2019-03-21not yet calculatedCVE-2018-11747
CONFIRM
python -- pythonurllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.2019-03-23not yet calculatedCVE-2019-9948
MISC
MISC
python -- python
 
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740.2019-03-23not yet calculatedCVE-2019-9947
MISC
python-gnupg -- python-gnupg
 
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.2019-03-21not yet calculatedCVE-2019-6690
SUSE
SUSE
MISC
BID
MLIST
MISC
BUGTRAQ
qemu -- qemu
 
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.2019-03-21not yet calculatedCVE-2019-8934
MISC
MISC
MISC
qemu -- qemu
 
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.2019-03-21not yet calculatedCVE-2019-6501
MLIST
MLIST
qt -- qt
 
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.2019-03-21not yet calculatedCVE-2018-19872
CONFIRM
raisecom -- multiple_productsAn authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The value of the fmgpon_loid parameter is used in a system call inside the boa binary. Because there is no user input validation, this leads to authenticated code execution on the device.2019-03-21not yet calculatedCVE-2019-7384
MISC
FULLDISC
MISC
MISC
BID
MISC
raisecom -- multiple_productsAn authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below, The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware. Because there is no user input validation, this leads to authenticated code execution on the device.2019-03-21not yet calculatedCVE-2019-7385
MISC
MISC
FULLDISC
MISC
BID
MISC

reliance_jio_infocomm -- jiofi_4g_m2s_devices

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter.2019-03-21not yet calculatedCVE-2019-7439
MISC
reliance_jio_infocomm -- jiofi_4g_m2s_devicescgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter.2019-03-21not yet calculatedCVE-2019-7438
MISC
MISC
risi -- gestao_de_horarios
 
RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection.2019-03-21not yet calculatedCVE-2019-6491
MISC
samsung -- galaxy_s6Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029.2019-03-21not yet calculatedCVE-2018-14745
MISC
MISC
CONFIRM
samsung -- x7400gx_syncthru_web_serviceXSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL.2019-03-21not yet calculatedCVE-2019-7421
MISC
FULLDISC
MISC
MISC
samsung -- x7400gx_syncthru_web_serviceXSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter.2019-03-21not yet calculatedCVE-2019-7420
MISC
FULLDISC
MISC
MISC
samsung -- x7400gx_syncthru_web_serviceXSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title.2019-03-21not yet calculatedCVE-2019-7419
MISC
FULLDISC
MISC
MISC
samsung -- x7400gx_syncthru_web_service
 
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.2019-03-21not yet calculatedCVE-2019-7418
MISC
FULLDISC
MISC
MISC
schneider_electric -- modicon_plc_productsReflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.2019-03-21not yet calculatedCVE-2015-6462
MISC
schneider_electric -- modicon_plc_products
 
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.2019-03-21not yet calculatedCVE-2015-6461
MISC

shareit -- shareit_for_android

The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices.2019-03-22not yet calculatedCVE-2019-9939
MISC
shareit -- shareit_for_android
 
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device."2019-03-22not yet calculatedCVE-2019-9938
MISC
shellinabox -- shellinabox
 
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.2019-03-21not yet calculatedCVE-2018-16789
MISC
MISC
CONFIRM
CONFIRM
shenzhen_electronics_coship -- multiple_devices
 
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.2019-03-21not yet calculatedCVE-2019-6441
MISC
MISC
MISC
MISC
EXPLOIT-DB
EXPLOIT-DB
shenzhen_skyworth -- multiple_devices
 
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.2019-03-21not yet calculatedCVE-2018-19524
MISC
MISC
MISC
MISC
MISC
siemens -- multiple_products
 
A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.2019-03-21not yet calculatedCVE-2018-16563
CONFIRM
siemens -- sicam_products
 
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public.2019-03-21not yet calculatedCVE-2018-13798
CONFIRM
signal_messenger -- open_whisper_and_private_messenger
 
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.2019-03-23not yet calculatedCVE-2019-9970
MISC
softnas -- cloud
 
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin interface to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and the data.2019-03-23not yet calculatedCVE-2019-9945
MISC
solarwinds -- serv-u_ftp_server
 
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.2019-03-21not yet calculatedCVE-2018-19934
MISC
MISC
MISC
sonatype -- nexus_repository_manager
 
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.2019-03-21not yet calculatedCVE-2019-7238
MISC
splunk -- splunk-sdk-python
 
Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks.2019-03-21not yet calculatedCVE-2019-5729
CONFIRM
sqlite -- sqliteIn SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.2019-03-22not yet calculatedCVE-2019-9937
MISC
MISC
MISC
sqlite -- sqlite
 
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.2019-03-22not yet calculatedCVE-2019-9936
MISC
MISC
MISC
sqlitemanager -- sqlitemanager
 
SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued.2019-03-21not yet calculatedCVE-2019-9083
MISC
sricam -- ip_cctv_cameras
 
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.2019-03-21not yet calculatedCVE-2019-6973
MISC
MISC
EXPLOIT-DB
synaptics -- touchpad_drivers
 
SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.2019-03-21not yet calculatedCVE-2018-15532
MISC
MISC
MISC
CONFIRM
systemd -- systemd
 
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).2019-03-21not yet calculatedCVE-2019-6454
SUSE
MLIST
MLIST
BID
REDHAT
MISC
MLIST
FEDORA
UBUNTU
DEBIAN
systrome -- cumilon_isg-600c_and_isg-600h_and_isg-800w_devices
 
An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user input, which leads to shell command injection via the des parameter.2019-03-21not yet calculatedCVE-2019-7383
MISC
MISC
FULLDISC
MISC
BID
MISC
systrome -- multiple_devices
 
An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of csrf token validation.2019-03-21not yet calculatedCVE-2018-19525
MISC
MISC
MISC
teracue -- enc-400_devicesAn issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged.2019-03-21not yet calculatedCVE-2018-20219
MISC
MISC
MISC
teracue -- enc-400_devices
 
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.2019-03-21not yet calculatedCVE-2018-20220
MISC
MISC
MISC
teracue -- enc-400_devices
 
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form.2019-03-21not yet calculatedCVE-2018-20218
MISC
MISC
the_receptionist -- the_receptionist_for_ipad
 
The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails.2019-03-21not yet calculatedCVE-2018-17502
XF
twig -- twig
 
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.2019-03-23not yet calculatedCVE-2019-9942
MISC
MISC
vanilla -- vanilla
 
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.2019-03-21not yet calculatedCVE-2019-9889
MISC
MISC
MISC
veritas -- netbackup_applianceAn issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.2019-03-21not yet calculatedCVE-2019-9868
MISC
veritas -- netbackup_applianceAn issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.2019-03-21not yet calculatedCVE-2019-9867
MISC
vertrigoserv -- vertrigoserv
 
VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter.2019-03-21not yet calculatedCVE-2019-8938
MISC
MISC
MISC

wifi-soft -- unibox_controller

An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.2019-03-21not yet calculatedCVE-2019-3496
MISC
MLIST
MISC

wifi-soft -- unibox_controller

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.2019-03-21not yet calculatedCVE-2019-3497
MISC
MLIST
MISC
wifi-soft -- unibox_controller
 
An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.2019-03-21not yet calculatedCVE-2019-3495
MISC
MLIST
MISC
wordpress -- wordpressThe wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.2019-03-21not yet calculatedCVE-2019-9912
FULLDISC
MISC
MISC
wordpress -- wordpressThe yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS.2019-03-21not yet calculatedCVE-2019-9914
FULLDISC
MISC
MISC
wordpress -- wordpressThe wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.2019-03-21not yet calculatedCVE-2019-9913
FULLDISC
MISC
MISC
wordpress -- wordpress
 
The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS.2019-03-21not yet calculatedCVE-2019-9908
FULLDISC
MISC
MISC
MISC
wordpress -- wordpress
 
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.2019-03-21not yet calculatedCVE-2018-19488
MISC
wordpress -- wordpress
 
The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users.2019-03-21not yet calculatedCVE-2018-19487
MISC
wordpress -- wordpress
 
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price.2019-03-21not yet calculatedCVE-2019-7441
MISC
wordpress -- wordpress
 
The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS.2019-03-21not yet calculatedCVE-2019-9911
FULLDISC
MISC
MISC
wordpress -- wordpress
 
A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php.2019-03-21not yet calculatedCVE-2019-7299
MISC
MISC
MISC
wordpress -- wordpress
 
The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS.2019-03-21not yet calculatedCVE-2019-9909
FULLDISC
MISC
MISC
MISC
wordpress -- wordpress
 
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.2019-03-21not yet calculatedCVE-2019-9910
FULLDISC
MISC
MISC
wso2 -- api_manager
 
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.2019-03-21not yet calculatedCVE-2018-20736
CONFIRM
CONFIRM
MISC
wso2 -- api_manager
 
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.2019-03-21not yet calculatedCVE-2018-20737
CONFIRM
CONFIRM
MISC
xnview -- xnview_classicXnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399.2019-03-23not yet calculatedCVE-2019-9969
MISC
xnview -- xnview_classicXnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c.2019-03-23not yet calculatedCVE-2019-9966
MISC
xnview -- xnview_classicXnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString.2019-03-23not yet calculatedCVE-2019-9967
MISC
xnview -- xnview_classicXnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem.2019-03-23not yet calculatedCVE-2019-9968
MISC
xnview -- xnview_mpXnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey.2019-03-23not yet calculatedCVE-2019-9964
MISC
xnview -- xnview_mpXnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap.2019-03-23not yet calculatedCVE-2019-9965
MISC
xnview -- xnview_mpXnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.2019-03-23not yet calculatedCVE-2019-9963
MISC
xnview -- xnview_mp
 
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.2019-03-23not yet calculatedCVE-2019-9962
MISC
xpdf -- xpdfThere is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.2019-03-21not yet calculatedCVE-2019-9878
MISC
MISC
xpdf -- xpdf
 
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.2019-03-21not yet calculatedCVE-2019-9877
MISC
MISC
yast -- yast2-multipath
 
In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection2019-03-15not yet calculatedCVE-2018-17955
CONFIRM
ysoft -- safeq_server
 
YSoft SafeQ Server 6 allows a replay attack.2019-03-21not yet calculatedCVE-2018-15498
MISC
yubico -- libu2f-host
 
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.2019-03-21not yet calculatedCVE-2018-20340
CONFIRM
MISC
MISC
CONFIRM
zeit -- serveA bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.2019-03-21not yet calculatedCVE-2019-5415
MISC
zeit -- serve
 
A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server.2019-03-21not yet calculatedCVE-2019-5417
MISC
zoho_manageengine -- adselfservice_plus
 
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.2019-03-21not yet calculatedCVE-2019-7161
MISC
CONFIRM
zyxel -- vmg3312-b10b_dsl-491hnu-b1b_modem
 
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.2019-03-21not yet calculatedCVE-2019-7391
MISC
MISC
EXPLOIT-DB
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top