SB18-183: Vulnerability Summary for the Week of June 25, 2018

Original release date: July 02, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no high vulnerabilities recorded this week.

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no medium vulnerabilities recorded this week.

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
389-ds-base — 389-ds-base
 
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.2018-06-22not yet calculatedCVE-2017-2668
BID
REDHAT
REDHAT
CONFIRM
CONFIRM
aaugustin/websockets — aaugustin/websockets
 
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5.2018-06-26not yet calculatedCVE-2018-1000518
MISC
adm — asustor_nas_devices
 
ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.2018-06-28not yet calculatedCVE-2018-11510
MISC
MISC
aef — advanced_electron_forum
 
An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges.2018-06-29not yet calculatedCVE-2018-13000
MISC
aio-libs/aiohttp-session — aio-libs/aiohttp-session
 
aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies (?session=<>, or meta tags or script tags with Set-Cookie).2018-06-26not yet calculatedCVE-2018-1000519
MISC
MISC
all_nippon_airways — ana_app_for_ios
 
The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2018-06-26not yet calculatedCVE-2018-0611
JVN
MISC
allen-bradley — l30erms_safety_devices
 
Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately.2018-06-25not yet calculatedCVE-2017-9312
BID
MISC
apache — cassandra
 
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.2018-06-28not yet calculatedCVE-2018-8016
MISC
apache — hbase
 
CVE-2018-8025 describes an issue in Apache HBase that affects the optional “Thrift 1” API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1.2018-06-27not yet calculatedCVE-2018-8025
BID
MISC
apache — pluto
 
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.2018-06-27not yet calculatedCVE-2018-1306
MISC
arm — mbedtls
 
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted..2018-06-26not yet calculatedCVE-2018-1000520
MISC
atlassian — fisheye_and_crucible
 
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.2018-06-28not yet calculatedCVE-2017-16859
BID
CONFIRM
CONFIRM
axis_communications — ip_camerasAn issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.2018-06-26not yet calculatedCVE-2018-10662
MISC
CONFIRM
CONFIRM
axis_communications — ip_camerasThere was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction.2018-06-26not yet calculatedCVE-2018-10659
MISC
CONFIRM
CONFIRM
axis_communications — ip_camerasAn issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation.2018-06-26not yet calculatedCVE-2018-10663
MISC
CONFIRM
CONFIRM
axis_communications — ip_camerasAn issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption.2018-06-26not yet calculatedCVE-2018-10664
MISC
CONFIRM
CONFIRM
axis_communications — ip_camerasAn issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.2018-06-26not yet calculatedCVE-2018-10661
MISC
CONFIRM
CONFIRM
axis_communications — ip_camerasAn issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.2018-06-26not yet calculatedCVE-2018-10660
MISC
CONFIRM
CONFIRM
axis_communications — ip_cameras
 
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.2018-06-26not yet calculatedCVE-2018-10658
MISC
CONFIRM
CONFIRM
axpdfium — axpdfium
 
Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-06-26not yet calculatedCVE-2018-0601
JVN
MISC
baseon_latronix — mss_devices
 
Baseon Lantronix MSS devices do not require a password for TELNET access.2018-06-28not yet calculatedCVE-2018-12925
MISC
basercms — basercmsbaserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0572
JVN
MISC
basercms — basercmsCross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0570
JVN
MISC
basercms — basercmsCross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0574
JVN
MISC
basercms — basercmsbaserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.2018-06-26not yet calculatedCVE-2018-0571
JVN
MISC
basercms — basercmsbaserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0575
JVN
MISC
basercms — basercmsbaserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0573
JVN
MISC
basercms — basercms
 
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0569
JVN
MISC
beckoff — twincat_3
 
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added.2018-06-27not yet calculatedCVE-2017-16718
MISC
beckoff — twincat
 
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbirtrary ADS packets when legitimate ADS traffic is observable.2018-06-27not yet calculatedCVE-2017-16726
MISC
bigtree-cms — bigtree-cms
 
BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. This attack appear to be exploitable via no. This vulnerability appears to have been fixed in after commit b652cfdc14d0670c81ac4401ad5a04376745c279.2018-06-26not yet calculatedCVE-2018-1000521
MISC
busybox — busybox
 
Busybox contains a Missing SSL certificate validation vulnerability in The “busybox wget” applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using “busybox wget https://compromised-domain.com/important-file”.2018-06-26not yet calculatedCVE-2018-1000500
MISC
MISC
busybox — busybox
 
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.2018-06-26not yet calculatedCVE-2018-1000517
MISC
bws_systems — ha-bridge
 
BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI.2018-06-28not yet calculatedCVE-2018-12923
MISC
centreon — centreonCentreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.2018-06-25not yet calculatedCVE-2018-11588
CONFIRM
CONFIRM
CONFIRM
CONFIRM
centreon — centreonMultiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.2018-06-25not yet calculatedCVE-2018-11589
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
centreon — centreon
 
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.2018-06-25not yet calculatedCVE-2018-11587
CONFIRM
CONFIRM
CONFIRM
civetweb — civetwebOut-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.2018-06-22not yet calculatedCVE-2018-12684
MISC
MISC
cloud_foundry — cloud_foundry
 
Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt.2018-06-25not yet calculatedCVE-2018-11041
CONFIRM

cloudwu/pbc — cloudwu/pbc

In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c.2018-06-27not yet calculatedCVE-2018-12915
MISC
cloudwu/pbc — cloudwu/pbcIn libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c.2018-06-27not yet calculatedCVE-2018-12917
MISC
cloudwu/pbc — cloudwu/pbcIn libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c.2018-06-27not yet calculatedCVE-2018-12916
MISC
cloudwu/pbc — cloudwu/pbcIn libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c.2018-06-27not yet calculatedCVE-2018-12918
MISC
cnn-lite — cnn-lite
 
An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking ‘’ termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c.2018-06-26not yet calculatedCVE-2018-12889
MISC
codecanyon — brynamics_online_trade
 
Brynamics “Online Trade – Online trading and cryptocurrency investment system” allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials.2018-06-27not yet calculatedCVE-2018-12908
MISC
corebos — corebos
 
coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. .2018-06-26not yet calculatedCVE-2018-1000547
MISC
craftedweb — craftedweb
 
In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter.2018-06-27not yet calculatedCVE-2018-12919
MISC
cyberark — endpoint_privilege_manager
 
In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user’s groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard.2018-06-26not yet calculatedCVE-2018-12903
MISC
cybozu — mailwiseCross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML ‘Address’ via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0559
JVN
CONFIRM
cybozu — mailwise
 
Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in ‘System settings’ via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0558
JVN
CONFIRM
cybozu — mailwise
 
Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML ‘E-mail Details Screen’ via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0557
JVN
CONFIRM
cybozu — officeCybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0529
JVN
CONFIRM
cybozu — officeCross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0527
JVN
CONFIRM
cybozu — officeCross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0565
JVN
CONFIRM
cybozu — officeCybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0566
JVN
CONFIRM
cybozu — officeCybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0567
JVN
CONFIRM
cybozu — officeCybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0528
JVN
CONFIRM
cybozu — office
 
Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0526
JVN
CONFIRM
dell — emc_idrac_service_module
 
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.2018-06-26not yet calculatedCVE-2018-11053
MISC
BID
delta_electronics — delta_industrial_automation_commgr
 
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.2018-06-26not yet calculatedCVE-2018-10594
BID
MISC
denx — u-boot
 
U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.2018-06-26not yet calculatedCVE-2018-1000205
MISC
MISC
digisol — dg-br4000ng_devicesDIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.2018-06-24not yet calculatedCVE-2018-12706
MISC
EXPLOIT-DB
digisol — dg-br4000ng_devices
 
DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).2018-06-24not yet calculatedCVE-2018-12705
MISC
EXPLOIT-DB
easycms — easycms
 
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.2018-06-29not yet calculatedCVE-2018-12971
MISC
eclipse — jetty_server
 
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn’t match a dynamic url-pattern, and is eventually handled by the DefaultServlet’s static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.2018-06-27not yet calculatedCVE-2018-12536
SECTRACK
CONFIRM
eclipse — jetty
 
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem’s storage for the FileSessionDataStore.2018-06-22not yet calculatedCVE-2018-12538
SECTRACK
CONFIRM
eclipse — jettyIn Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.2018-06-26not yet calculatedCVE-2017-7657
SECTRACK
CONFIRM
eclipse — jetty_serverIn Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.2018-06-26not yet calculatedCVE-2017-7658
SECTRACK
CONFIRM
eclipse — jetty
 
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.2018-06-26not yet calculatedCVE-2017-7656
SECTRACK
CONFIRM
electro_industries/gaugetech — nexus_devices
 
Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI.2018-06-28not yet calculatedCVE-2018-12921
MISC
emerson_liebert — intellislot_web_card_devices
 
Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI.2018-06-28not yet calculatedCVE-2018-12922
MISC
ethereum — bitasean_token
 
The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the “tradeTrap” issue.2018-06-25not yet calculatedCVE-2018-12084
MISC
ethereum — block_18
 
The approveAndCallcode function of a smart contract implementation for Block 18 (18T), an tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract’s balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the “evilReflex” issue. NOTE: a PeckShield disclosure states “some researchers have independently discussed the mechanism of such vulnerability.”2018-06-25not yet calculatedCVE-2018-12703
MISC
MISC
ethereum — fujinto_token
 
The mintToken function of a smart contract implementation for Fujinto (NTO), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the “tradeTrap” issue.2018-06-25not yet calculatedCVE-2018-12082
MISC
ethereum — globalvillage_ecosystem_token
 
The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract’s balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the “evilReflex” issue. NOTE: a PeckShield disclosure states “some researchers have independently discussed the mechanism of such vulnerability.”2018-06-25not yet calculatedCVE-2018-12702
MISC
MISC
ethereum — goal_bonanza_token
 
The mintToken function of a smart contract implementation for GOAL Bonanza (GOAL), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the “tradeTrap” issue.2018-06-25not yet calculatedCVE-2018-12083
MISC
ethereum — gold_reward_token
 
The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the buyer because of overflow of the multiplication of its argument amount and a manipulable variable buyPrice, aka the “tradeTrap” issue.2018-06-25not yet calculatedCVE-2018-11446
MISC
ethereum — internet_node_tokenThe mintToken function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the “tradeTrap” issue.2018-06-25not yet calculatedCVE-2018-12080
MISC
ethereum — internet_node_token
 
The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the “tradeTrap” issue.2018-06-25not yet calculatedCVE-2018-12063
MISC
ethereum — polyai_token
 
The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the “tradeTrap” issue.2018-06-25not yet calculatedCVE-2018-12078
MISC
ethereum — sec_token
 
The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the “tradeTrap” issue.2018-06-25not yet calculatedCVE-2018-12070
MISC
ethereum — substratum_token
 
The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the “tradeTrap” issue.2018-06-25not yet calculatedCVE-2018-12067
MISC
ethereum — substraum_token
 
The mintToken function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the “tradeTrap” issue.2018-06-25not yet calculatedCVE-2018-12079
MISC
ethereum — swftcoin_token
 
The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the “tradeTrap” issue.2018-06-25not yet calculatedCVE-2018-12062
MISC
ethereum — target_coin_tokenThe mintToken function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the “tradeTrap” issue.2018-06-25not yet calculatedCVE-2018-12081
MISC
ethereum — target_coin_token
 
The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the “tradeTrap” issue.2018-06-25not yet calculatedCVE-2018-12068
MISC
exempi — exempi
 
The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.2018-06-22not yet calculatedCVE-2018-12648
MISC
f5 — big-ipOn BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion.2018-06-27not yet calculatedCVE-2018-5527
SECTRACK
CONFIRM
f5 — big-ip
 
Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7.2018-06-27not yet calculatedCVE-2018-5528
SECTRACK
CONFIRM
flir — brickstream_2300_devices
 
Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI.2018-06-28not yet calculatedCVE-2018-12920
MISC
fortinet — fortimanagerAn improper access control vulnerability in Fortinet FortiManager 6.0.0 and below versions, FortiAnalyzer 6.0.0 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.2018-06-27not yet calculatedCVE-2018-1354
BID
SECTRACK
SECTRACK
CONFIRM
fortinet — fortimanagerAn open redirect vulnerability in Fortinet FortiManager 6.0.0 and below versions, FortiAnalyzer 6.0.0 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.2018-06-27not yet calculatedCVE-2018-1355
BID
SECTRACK
SECTRACK
CONFIRM
fortinet — fortimanager
 
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and below versions allows attacker to execute HTML/javascript code via managed remote devices’ CLI commands by viewing the remote device CLI config installation log.2018-06-28not yet calculatedCVE-2018-1351
BID
SECTRACK
CONFIRM
froxlor — froxlor
 
Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed in after commit c1e62e6.2018-06-26not yet calculatedCVE-2018-1000527
MISC
MISC
froxlor — froxlor
 
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user.2018-06-22not yet calculatedCVE-2018-12642
MISC
galaxy_project — galaxy
 
The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user’s input, which would allow for cross-site scripting (XSS) attacks. In this form of attack, a malicious person can create a URL which, when opened by a Galaxy user or administrator, would allow the malicious user to execute arbitrary Javascript. that can result in Arbitrary JavaScript code execution. This attack appear to be exploitable via The victim must interact with component on page witch contains injected JavaScript code.. This vulnerability appears to have been fixed in v14.10.1, v15.01.2018-06-26not yet calculatedCVE-2018-1000516
MISC
gimp — gimp
 
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private.2018-06-24not yet calculatedCVE-2018-12713
MISC
MISC
gnu — binutilsdemangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the “Create an array for saving the template argument values” XNEWVEC call. This can occur during execution of objdump.2018-06-23not yet calculatedCVE-2018-12698
BID
MISC
MISC
MISC
gnu — binutilsA Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.2018-06-23not yet calculatedCVE-2018-12700
BID
MISC
MISC
MISC
gnu — binutilsfinish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.2018-06-23not yet calculatedCVE-2018-12699
BID
MISC
MISC
MISC
gnu — binutils
 
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.2018-06-23not yet calculatedCVE-2018-12697
BID
MISC
MISC
MISC
gnu — binutils
 
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.2018-06-28not yet calculatedCVE-2018-12934
MISC
MISC
MISC
gnu — bitutils
 
An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.2018-06-22not yet calculatedCVE-2018-12641
MISC
MISC
MISC

gonicus/gosa — gonicus/gosa

GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open a specially crafted web page. This vulnerability appears to have been fixed in after commit 56070d6289d47ba3f5918885954dcceb75606001.2018-06-26not yet calculatedCVE-2018-1000528
MISC
MISC
google — google_home_and_chromecast_devices
 
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request.2018-06-24not yet calculatedCVE-2018-12716
MISC
MISC
MISC
MISC
gpac — gpac
 
An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.2018-06-29not yet calculatedCVE-2018-13005
MISC
gpac — gpac
 
An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.2018-06-29not yet calculatedCVE-2018-13006
MISC
gpmf-parser — gpmf-parserAn issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (conditional on a buffer_size_longs check).2018-06-29not yet calculatedCVE-2018-13009
MISC
gpmf-parser — gpmf-parserAn issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate.2018-06-29not yet calculatedCVE-2018-13011
MISC
gpmf-parser — gpmf-parser
 
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (not conditional on a buffer_size_longs check).2018-06-29not yet calculatedCVE-2018-13007
MISC
gpmf-parser — gpmf-parser
 
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for a positive nest_level.2018-06-29not yet calculatedCVE-2018-13008
MISC
grails — fields_plugin
 
Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8.2018-06-26not yet calculatedCVE-2018-1000529
MISC
greencms — greencms
 
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI.2018-06-29not yet calculatedCVE-2018-12988
MISC
h2o — h2o
 
Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0608
JVN
MISC
hongcms — hongcms
 
An issue wan discovered in admincontrollersdatabase.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.2018-06-27not yet calculatedCVE-2018-12912
MISC
hongcms — hongcms
 
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI.2018-06-29not yet calculatedCVE-2018-13021
MISC
hycuscms — hycuscms
 
Hycus CMS 1.0.4 allows Authentication Bypass via “‘=’ ‘OR'” credentials.2018-06-29not yet calculatedCVE-2018-12984
EXPLOIT-DB
ibm — aix
 
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.2018-06-22not yet calculatedCVE-2018-1655
CONFIRM
BID
SECTRACK
XF
ibm — doors_next_generation
 
IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141415.2018-06-27not yet calculatedCVE-2018-1507
CONFIRM
XF
ibm — rational_doors
 
An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208.2018-06-27not yet calculatedCVE-2018-1457
CONFIRM
BID
XF
ibm — websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270.2018-06-26not yet calculatedCVE-2018-1614
SECTRACK
XF
CONFIRM
ibm — websphere_applications_server_liberty
 
IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890.2018-06-27not yet calculatedCVE-2018-1553
CONFIRM
XF
ibm — websphere_mqIBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598.2018-06-27not yet calculatedCVE-2018-1543
CONFIRM
XF
ibm — websphere_mq
 
An IBM WebSphere MQ (Maintenance levels 7.1.0.0 – 7.1.0.9, 7.5.0.0 – 7.5.0.8, 8.0.0.0 – 8.0.0.8, 9.0.0.0 – 9.0.0.2, and 9.0.0 – 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.2018-06-26not yet calculatedCVE-2018-1374
CONFIRM
XF
instant_update — cms
 
Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application/controllers/administration/auth.php that can result in Account Tackover. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in v0.3.3.2018-06-26not yet calculatedCVE-2018-1000501
MISC
MISC
insteon — hd_ip_camera_white_2864-222
 
The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100.2018-06-23not yet calculatedCVE-2018-12640
MISC
insteon — hd_ip_camera_white_2864-222
 
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.2018-06-23not yet calculatedCVE-2018-11560
MISC
internet_initiative_japan — iij_smartkey_app_for_android
 
IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0584
JVN
inversoft — prime-jwt
 
inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header using ‘none’ as algorithm and a body to requests it be validated. This vulnerability was fixed after commit abb0d479389a2509f939452a6767dc424bb5e6ba.2018-06-26not yet calculatedCVE-2018-1000531
MISC
ipconfigure — orchid_core_vms
 
IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal.2018-06-25not yet calculatedCVE-2018-10956
MISC
EXPLOIT-DB
ivanti — avalancheAn issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.2018-06-29not yet calculatedCVE-2018-8901
CONFIRM
ivanti — avalanche
 
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product.2018-06-29not yet calculatedCVE-2018-8902
CONFIRM
jenkins — jenkinsA exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration.2018-06-26not yet calculatedCVE-2018-1000609
CONFIRM
jenkins — jenkinsA persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user’s browser when that other user performs some UI actions.2018-06-26not yet calculatedCVE-2018-1000604
CONFIRM
jenkins — jenkinsA exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin.2018-06-26not yet calculatedCVE-2018-1000610
CONFIRM
jenkins — jenkinsA man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.2018-06-26not yet calculatedCVE-2018-1000605
CONFIRM
jenkins — jenkinsA session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session.2018-06-26not yet calculatedCVE-2018-1000602
CONFIRM
jenkins — jenkinsA exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator‚Äôs web browser (e.g. malicious extension) to retrieve the configured password.2018-06-26not yet calculatedCVE-2018-1000608
CONFIRM
jenkins — jenkinsA server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.2018-06-26not yet calculatedCVE-2018-1000606
CONFIRM
jenkins — jenkinsA exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs.2018-06-26not yet calculatedCVE-2018-1000603
CONFIRM
jenkins — jenkinsA arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as.2018-06-26not yet calculatedCVE-2018-1000607
CONFIRM
jenkins — jenkins
 
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2018-06-26not yet calculatedCVE-2018-1000600
CONFIRM
jenkins — jenkins
 
A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.2018-06-26not yet calculatedCVE-2018-1000601
CONFIRM

johnath/beep — johnath/beep

beep version 1.3 and up contains a External Control of File Name or Path vulnerability in –device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep.2018-06-26not yet calculatedCVE-2018-1000532
MISC
joomla! — joomla!An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the “class_exists” function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion.2018-06-26not yet calculatedCVE-2018-12712
BID
CONFIRM
joomla! — joomla!
 
An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.2018-06-26not yet calculatedCVE-2018-12711
BID
CONFIRM
joplin — joplin
 
Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field – information on the fix can be found here https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 that can result in executing unauthorized code within the rights in which the application is running. This attack appear to be exploitable via Victim synchronizing notes from the cloud services or other note-keeping services which contain malicious code. This vulnerability appears to have been fixed in 1.0.90 and later.2018-06-26not yet calculatedCVE-2018-1000534
MISC
MISC

joyplus/joyplus-cms — joyplus/joyplus-cms

joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php “system manage” and “add” actions.2018-06-27not yet calculatedCVE-2018-12905
MISC

klaussilveira/gitlist — klaussilveira/gitlist

klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send POST request using search form. This vulnerability appears to have been fixed in 0.7 after commit 87b8c26b023c3fc37f0796b14bb13710f397b322.2018-06-26not yet calculatedCVE-2018-1000533
MISC
MISC
lfcms — lfcmsCross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.2018-06-25not yet calculatedCVE-2018-12603
MISC
EXPLOIT-DB
lfcms — lfcms
 
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.2018-06-25not yet calculatedCVE-2018-12602
MISC
EXPLOIT-DB
libtiff — libtiff
 
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.2018-06-26not yet calculatedCVE-2018-12900
MISC
limesurvey — limesurveyLimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x.2018-06-26not yet calculatedCVE-2018-1000514
MISC
MISC
limesurvey — limesurvey
 
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x.2018-06-26not yet calculatedCVE-2018-1000513
MISC
line — line_for_windows
 
Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-06-26not yet calculatedCVE-2018-0609
JVN
MISC
linux — linux_kernelntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.2018-06-28not yet calculatedCVE-2018-12930
MISC
MISC
linux — linux_kernelntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.2018-06-28not yet calculatedCVE-2018-12929
MISC
MISC
linux — linux_kernel
 
ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.2018-06-28not yet calculatedCVE-2018-12931
MISC
MISC
linux — linux_kernel
 
Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream already: https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 The problem has limited scope, as users don’t usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible.2018-06-26not yet calculatedCVE-2018-1000204
CONFIRM
linux — linux_kernel
 
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls.2018-06-24not yet calculatedCVE-2018-12714
MISC
BID
MISC
MISC
MISC
linux — linux_kernel
 
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.2018-06-27not yet calculatedCVE-2018-12904
MISC
MISC
MISC
MISC
EXPLOIT-DB
linux — linux_kernel
 
In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.2018-06-28not yet calculatedCVE-2018-12928
MISC
MISC

lmsgit/lms — lmsgit/lms

lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e.2018-06-26not yet calculatedCVE-2018-1000535
MISC
MISC
maelostore — maelostore
 
An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface.2018-06-29not yet calculatedCVE-2018-12992
MISC
marlin — marlin_firmware
 
Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (Depending on branch/version) that can result in Arbitrary code execution. This attack appear to be exploitable via Crafted G-Code instruction/file is sent to the printer.2018-06-26not yet calculatedCVE-2018-1000537
MISC
MISC
mcafee — web_gateway
 
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).2018-06-26not yet calculatedCVE-2018-6667
BID
SECTRACK
CONFIRM
medis — medis
 
Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim’s machine, within the rights of the running application. This attack appear to be exploitable via Victim is synchronizing data from the redis server which contains malicious key value.2018-06-26not yet calculatedCVE-2018-1000536
MISC
metinfo — metinfo
 
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.2018-06-29not yet calculatedCVE-2018-13024
MISC
micro_focus — secure_messaging_gatewayAn OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).2018-06-29not yet calculatedCVE-2018-12465
CONFIRM
CONFIRM
micro_focus — secure_messaging_gateway
 
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).2018-06-29not yet calculatedCVE-2018-12464
CONFIRM
CONFIRM
micro_focus — solutions_business_manager
 
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.2018-06-22not yet calculatedCVE-2018-7682
CONFIRM
microsoft — c++_redistributable
 
Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-06-26not yet calculatedCVE-2018-0599
JVN
MISC
microsoft — onedriveUntrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-06-26not yet calculatedCVE-2018-0593
JVN
BID
MISC
microsoft — onedrive
 
Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-06-26not yet calculatedCVE-2018-0592
JVN
BID
MISC
microsoft — playmemories_home_for_windows
 
Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-06-26not yet calculatedCVE-2018-0600
JVN
MISC
microsoft — skype_for_windowsUntrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-06-26not yet calculatedCVE-2018-0595
JVN
BID
MISC
microsoft — skype_for_windows
 
Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-06-26not yet calculatedCVE-2018-0594
JVN
BID
MISC
microsoft — visual_code_studio
 
Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-06-26not yet calculatedCVE-2018-0597
JVN
BID
MISC
microsoft — visual_studio_community
 
Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-06-26not yet calculatedCVE-2018-0596
JVN
BID
MISC
microsoft — windows
 
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-06-26not yet calculatedCVE-2018-0598
JVN
MISC
minio — minio_s3_server
 
Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appear to be exploitable via Sending V4-(pre)signed requests with large bodies . This vulnerability appears to have been fixed in after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7.2018-06-26not yet calculatedCVE-2018-1000538
MISC
MISC
minisphere — minisphere
 
miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote denial of service. This attack appear to be exploitable via the victim must load a specially-crafted map which calls SetLayerSize in its entry script. This vulnerability appears to have been fixed in 5.0.3, 5.1.5, 5.2.10 and later.2018-06-26not yet calculatedCVE-2018-1000524
MISC
MISC
miniz — miniz
 
In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.2018-06-27not yet calculatedCVE-2018-12913
MISC
misp_project — misp
 
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests.2018-06-22not yet calculatedCVE-2018-12649
CONFIRM
mybb — mybb
 
MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15.2018-06-26not yet calculatedCVE-2018-1000503
MISC
MISC
mybb — mybb
 
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15.2018-06-26not yet calculatedCVE-2018-1000502
MISC
MISC
netapp — oncommand_unified_manager_for_7-mode
 
NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface.2018-06-22not yet calculatedCVE-2017-7568
BID
CONFIRM
northern_electric_and_power — inverter_devices
 
Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI.2018-06-28not yet calculatedCVE-2018-12927
MISC

nov/json-jwt — nov/json-jwt

Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later.2018-06-26not yet calculatedCVE-2018-1000539
MISC

nsmaomao/mao10cms — nsmaomao/mao10cms

mao10cms 6 allows XSS via the m=bbs&a=index page.2018-06-23not yet calculatedCVE-2018-12695
MISC

nsmaomao/mao10cms — nsmaomao/mao10cms

mao10cms 6 allows XSS via the article page.2018-06-23not yet calculatedCVE-2018-12696
MISC
ntt-cert — flets_virus_clear
 
Untrusted search path vulnerability in the installer of FLET’S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET’S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2018-06-26not yet calculatedCVE-2018-0563
JVN
MISC
MISC
nucom — wr644gacv_devices
 
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device.2018-06-25not yet calculatedCVE-2018-8755
MISC
ocs_inventory_ng — ocs_inventory_ngOCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1.2018-06-26not yet calculatedCVE-2018-1000558
MISC
MISC
ocs_inventory_ng — ocs_inventory_ng
 
OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims’ browser. This attack appear to be exploitable via Victim must open a crafted link to the application. This vulnerability appears to have been fixed in ocsreports 2.4.1.2018-06-26not yet calculatedCVE-2018-1000557
MISC
MISC
octopus — deploy
 
In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu.2018-06-26not yet calculatedCVE-2018-12884
MISC
onefilecms — onefilecmsonefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen.2018-06-29not yet calculatedCVE-2018-12995
MISC
onefilecms — onefilecms
 
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields.2018-06-29not yet calculatedCVE-2018-12993
MISC
onefilecms — onefilecms
 
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen.2018-06-29not yet calculatedCVE-2018-12994
MISC
openpsa — openpsaOpenpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulnerability appears to have been fixed in after commit 4974a26.2018-06-26not yet calculatedCVE-2018-1000526
MISC
MISC
openpsa — openpsa
 
openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This vulnerability appears to have been fixed in after commit 097eae0.2018-06-26not yet calculatedCVE-2018-1000525
MISC
MISC
openslp — openslp
 
slpd_process.c in OpenSLP 2.0.0 has a double free resulting in denial of service (daemon crash) or possibly unauthenticated remote code execution.2018-06-28not yet calculatedCVE-2018-12938
BID
BID
MISC
opentsdb — opentsdbAn issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter ‘json’ to the /q URI.2018-06-29not yet calculatedCVE-2018-12973
MISC
opentsdb — opentsdb
 
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input.2018-06-29not yet calculatedCVE-2018-12972
MISC
opentsdb — opentsdb
 
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter ‘type’ to the /suggest URI.2018-06-29not yet calculatedCVE-2018-13003
MISC

oswetto/loboevolution — oswetto/loboevolution

LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted XML file.2018-06-26not yet calculatedCVE-2018-1000540
MISC
ovirt — engine
 
ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options “–provision*db”, the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords.2018-06-26not yet calculatedCVE-2018-1072
REDHAT
CONFIRM
owen — 5000_trillion_yen_converter_chrome_extension
 
Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0612
JVN
MISC
perl — perl
 
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.2018-06-29not yet calculatedCVE-2018-10860
CONFIRM
pharos_controls — pharos_controls_devices
 
Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI.2018-06-28not yet calculatedCVE-2018-12926
MISC
php — php
 
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.2018-06-25not yet calculatedCVE-2018-12882
BID
CONFIRM
phpldapadmin — phpldapadminphpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.2018-06-22not yet calculatedCVE-2018-12689
EXPLOIT-DB
pivotal — operations_manager
 
Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager2018-06-25not yet calculatedCVE-2018-11046
BID
CONFIRM
pivotal — springSpring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the “jsonp” and “callback” JSONP parameters, enabling cross-domain requests.2018-06-25not yet calculatedCVE-2018-11040
CONFIRM
pivotal — spring
 
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.2018-06-25not yet calculatedCVE-2018-11039
CONFIRM
pixar — rendermanA denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened.2018-06-26not yet calculatedCVE-2018-3840
MISC
pixar — renderman
 
A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened.2018-06-26not yet calculatedCVE-2018-3841
MISC
pixelpost — pixelpostCross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0605
JVN
pixelpost — pixelpostSQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0606
JVN
pixelpost — pixelpost
 
Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors.2018-06-26not yet calculatedCVE-2018-0604
JVN
podofo — podofoA stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.2018-06-29not yet calculatedCVE-2018-12983
MISC
podofo — podofo
 
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.2018-06-29not yet calculatedCVE-2018-12982
MISC
polaris — office
 
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.2018-06-28not yet calculatedCVE-2018-12589
MISC
portainer — portainer
 
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.2018-06-22not yet calculatedCVE-2018-12678
CONFIRM
CONFIRM
qutebrowser — qutebrowser
 
qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user’s browsing history. This attack appear to be exploitable via the victim must open a page with a specially crafted attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week).</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000559" target="_blank">CVE-2018-1000559</a><br /><a href="https://github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7" target="_blank">MISC</a><br /><a href="https://github.com/qutebrowser/qutebrowser/commit/5a7869f2feaa346853d2a85413d6527c87ef0d9f" target="_blank">MISC</a><br /><a href="https://github.com/qutebrowser/qutebrowser/issues/4011" target="_blank">MISC</a></td></tr><tr><td scope="row"><p>raydac/netbeans-mmd-plugin — raydac/netbeans-mmd-plugin</p></td><td>netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000542" target="_blank">CVE-2018-1000542</a><br /><a href="https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/" target="_blank">MISC</a><br /><a href="https://github.com/raydac/netbeans-mmd-plugin/issues/45" target="_blank">MISC</a></td></tr><tr><td scope="row">rclone — rclone<br /> </td><td>In Rclone 1.42, use of “rclone sync” to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL’s content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a “RESTLESS” issue.</td><td>2018-06-27</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12907" target="_blank">CVE-2018-12907</a><br /><a href="http://openwall.com/lists/oss-security/2018/06/27/3" target="_blank">MISC</a><br /><a href="https://www.danieldent.com/blog/restless-vulnerability-non-browser-cross-domain-http-request-attacks/" target="_blank">MISC</a></td></tr><tr><td scope="row">red_hat — fedora<br /> </td><td>The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-10852" target="_blank">CVE-2018-10852</a><br /><a href="http://www.securityfocus.com/bid/104547" target="_blank">BID</a><br /><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852" target="_blank">CONFIRM</a></td></tr><tr><td scope="row">red_hat — ansible<br /> </td><td>Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.</td><td>2018-06-22</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7466" target="_blank">CVE-2017-7466</a><br /><a href="http://www.securityfocus.com/bid/97595" target="_blank">BID</a><br /><a href="https://access.redhat.com/errata/RHSA-2017:1244" target="_blank">REDHAT</a><br /><a href="https://access.redhat.com/errata/RHSA-2017:1334" target="_blank">REDHAT</a><br /><a href="https://access.redhat.com/errata/RHSA-2017:1476" target="_blank">REDHAT</a><br /><a href="https://access.redhat.com/errata/RHSA-2017:1499" target="_blank">REDHAT</a><br /><a href="https://access.redhat.com/errata/RHSA-2017:1599" target="_blank">REDHAT</a><br /><a href="https://access.redhat.com/errata/RHSA-2017:1685" target="_blank">REDHAT</a><br /><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466" target="_blank">CONFIRM</a></td></tr><tr><td scope="row">red_hat — jboss_eap<br /> </td><td>It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a ‘javax.xml.transform.TransformerFactory’. If the FEATURE_SECURE_PROCESSING feature is set to ‘true’, it mitigates this vulnerability.</td><td>2018-06-27</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7465" target="_blank">CVE-2017-7465</a><br /><a href="http://www.securityfocus.com/bid/97605" target="_blank">BID</a><br /><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465" target="_blank">CONFIRM</a></td></tr><tr><td scope="row"><p>rockiger/akiee — rockiger/akiee</p></td><td>Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vulnerability in “Details” of a task is not validated that can result in XSS leading to abritrary code execution. This attack appear to be exploitable via The attacker tricks the victim into opening a crafted markdown.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000543" target="_blank">CVE-2018-1000543</a><br /><a href="https://github.com/rockiger/akiee/issues/42" target="_blank">MISC</a></td></tr><tr><td scope="row">ruby-ffi — ruby-ffi<br /> </td><td>ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.</td><td>2018-06-22</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000201" target="_blank">CVE-2018-1000201</a><br /><a href="https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a" target="_blank">CONFIRM</a><br /><a href="https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c" target="_blank">CONFIRM</a></td></tr><tr><td scope="row">rubygems — rubyzip<br /> </td><td>rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames “../” to write arbitrary files to the filesystem..</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000544" target="_blank">CVE-2018-1000544</a><br /><a href="https://github.com/rubyzip/rubyzip/issues/369" target="_blank">MISC</a></td></tr><tr><td scope="row">safe-n-sec — multiple_products</td><td>Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE’N’SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection mechanism and install/execute an unauthorized program by modifying the system configuration and installing a forged MSI file. (The intended behavior is that the component SysWatch does not allow installation of MSI files unless they are signed by a limited list of certificates.)</td><td>2018-06-29</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13013" target="_blank">CVE-2018-13013</a><br /><a href="http://www.safensoft.com/security.phtml?c=865#SNSVE-2018-3" target="_blank">MISC</a></td></tr><tr><td scope="row">safe-n-sec — multiple_products</td><td>Storing password in recoverable format in safensec.com (SysWatch service) in SAFE’N’SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows the local attacker to restore the SysWatch password from the settings database and modify program settings.</td><td>2018-06-29</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13014" target="_blank">CVE-2018-13014</a><br /><a href="http://www.safensoft.com/security.phtml?c=865#SNSVE-2018-2" target="_blank">MISC</a></td></tr><tr><td scope="row">safe-n-sec — multiple_products<br /> </td><td>Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE’N’SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update server.</td><td>2018-06-29</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13012" target="_blank">CVE-2018-13012</a><br /><a href="http://www.safensoft.com/security.phtml?c=865#SNSVE-2018-5" target="_blank">MISC</a></td></tr><tr><td scope="row">saj — solar_inverter<br /> </td><td>SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI.</td><td>2018-06-25</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12735" target="_blank">CVE-2018-12735</a><br /><a href="https://www.seebug.org/vuldb/ssvid-97369" target="_blank">MISC</a></td></tr><tr><td scope="row">sandoba — cp:shop<br /> </td><td>An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the `admin.php` file of the `./cpshop/` module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability is non-persistent and the request method to inject/execute is GET with the path, search, rename, or dir parameter.</td><td>2018-06-29</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13001" target="_blank">CVE-2018-13001</a><br /><a href="https://www.vulnerability-lab.com/get_content.php?id=2122" target="_blank">MISC</a></td></tr><tr><td scope="row"><p>sanluan/publiccms — sanluan/publiccms</p></td><td>A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.</td><td>2018-06-27</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12914" target="_blank">CVE-2018-12914</a><br /><a href="https://github.com/sanluan/PublicCMS/issues/13" target="_blank">MISC</a></td></tr><tr><td scope="row">siemens — multiple_products</td><td>A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). A factory account with hardcoded password might allow attackers access to the device over port 5900/tcp. Successful exploitation requires no user interaction or privileges and impacts the confidentiality, integrity, and availability of the affected device. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-4846" target="_blank">CVE-2018-4846</a><br /><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-755010.pdf" target="_blank">CONFIRM</a></td></tr><tr><td scope="row">siemens — multiple_products<br /> </td><td>A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). Remote attackers with either local or remote credentialed access to the "Remote View" feature might be able to elevate their privileges, compromising confidentiality, integrity, and availability of the system. No special skills or user interaction are required to perform this attack. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-4845" target="_blank">CVE-2018-4845</a><br /><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-755010.pdf" target="_blank">CONFIRM</a></td></tr><tr><td scope="row">siemens — scalance_m875</td><td>A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administratrive users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-11449" target="_blank">CVE-2018-11449</a><br /><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf" target="_blank">CONFIRM</a></td></tr><tr><td scope="row">siemens — scalance_m875</td><td>A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web interface of an affected device. The attacker must be authenticated as administrative user on the web interface. Afterwards, a legitimate user must access the web interface. A successful attack could allow an attacker to execute malicious code in the browser of a legitimate user. At the time of advisory publication no public exploitation of this security vulnerability was known.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-11448" target="_blank">CVE-2018-11448</a><br /><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf" target="_blank">CONFIRM</a></td></tr><tr><td scope="row">siemens — scalance_m875</td><td>A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-4860" target="_blank">CVE-2018-4860</a><br /><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf" target="_blank">CONFIRM</a></td></tr><tr><td scope="row">siemens — scalance_m875</td><td>A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-4859" target="_blank">CVE-2018-4859</a><br /><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf" target="_blank">CONFIRM</a></td></tr><tr><td scope="row">siemens — scalance_m875<br /> </td><td>A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device’s file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-4861" target="_blank">CVE-2018-4861</a><br /><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf" target="_blank">CONFIRM</a></td></tr><tr><td scope="row">siemens — scalance_m875<br /> </td><td>A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-11447" target="_blank">CVE-2018-11447</a><br /><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf" target="_blank">CONFIRM</a></td></tr><tr><td scope="row">slims — slims_8_akasia</td><td>Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI.</td><td>2018-06-22</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12656" target="_blank">CVE-2018-12656</a><br /><a href="https://github.com/slims/slims8_akasia/issues/100" target="_blank">MISC</a></td></tr><tr><td scope="row">slims — slims_8_akasia</td><td>Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI.</td><td>2018-06-22</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12657" target="_blank">CVE-2018-12657</a><br /><a href="https://github.com/slims/slims8_akasia/issues/101" target="_blank">MISC</a></td></tr><tr><td scope="row">slims — slims_8_akasia</td><td>Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242.</td><td>2018-06-22</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12655" target="_blank">CVE-2018-12655</a><br /><a href="https://github.com/slims/slims8_akasia/issues/99" target="_blank">MISC</a></td></tr><tr><td scope="row">slims — slims_8_akasia</td><td>Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI.</td><td>2018-06-22</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12658" target="_blank">CVE-2018-12658</a><br /><a href="https://github.com/slims/slims8_akasia/issues/102" target="_blank">MISC</a></td></tr><tr><td scope="row">slims — slims_8_akasia</td><td>Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI.</td><td>2018-06-22</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12654" target="_blank">CVE-2018-12654</a><br /><a href="https://github.com/slims/slims8_akasia/issues/98" target="_blank">MISC</a></td></tr><tr><td scope="row">slims — slims_8_akasia</td><td>SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter.</td><td>2018-06-22</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12659" target="_blank">CVE-2018-12659</a><br /><a href="https://github.com/slims/slims8_akasia/issues/103" target="_blank">MISC</a></td></tr><tr><td scope="row">sollae — serial-ethernet-module_and_remote-i/o-device-server_devices<br /> </td><td>Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service.</td><td>2018-06-28</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12924" target="_blank">CVE-2018-12924</a><br /><a href="https://www.seebug.org/vuldb/ssvid-97374" target="_blank">MISC</a></td></tr><tr><td scope="row">sprockets — sprockets<br /> </td><td>There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application’s root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-3760" target="_blank">CVE-2018-3760</a><br /><a href="https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5fhttps://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441https://github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5" target="_blank">MISC</a><br /><a href="https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ" target="_blank">MISC</a></td></tr><tr><td scope="row">sympa_community — sympa<br /> </td><td>The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000550" target="_blank">CVE-2018-1000550</a><br /><a href="https://sympa-community.github.io/security/2018-001.html" target="_blank">MISC</a></td></tr><tr><td scope="row">tibco — multiple_products</td><td>The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.’s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0.</td><td>2018-06-27</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5437" target="_blank">CVE-2018-5437</a><br /><a href="http://www.tibco.com/services/support/advisories" target="_blank">MISC</a><br /><a href="https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437" target="_blank">CONFIRM</a></td></tr><tr><td scope="row">tibco — multiple_products<br /> </td><td>The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.’s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0.</td><td>2018-06-27</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5435" target="_blank">CVE-2018-5435</a><br /><a href="http://www.tibco.com/services/support/advisories" target="_blank">MISC</a><br /><a href="https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435" target="_blank">CONFIRM</a></td></tr><tr><td scope="row">tibco — multiple_products<br /> </td><td>The Spotfire server component of TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0.</td><td>2018-06-27</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5436" target="_blank">CVE-2018-5436</a><br /><a href="http://www.tibco.com/services/support/advisories" target="_blank">MISC</a><br /><a href="https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5436" target="_blank">CONFIRM</a></td></tr><tr><td scope="row">tinyexr — tinyexr</td><td>tinyexr 0.9.5 has a segmentation fault in the wav2Decode function.</td><td>2018-06-22</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12688" target="_blank">CVE-2018-12688</a><br /><a href="https://github.com/syoyo/tinyexr/issues/83" target="_blank">MISC</a></td></tr><tr><td scope="row">tinyexr — tinyexr</td><td>tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.</td><td>2018-06-22</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12687" target="_blank">CVE-2018-12687</a><br /><a href="https://github.com/syoyo/tinyexr/issues/84" target="_blank">MISC</a></td></tr><tr><td scope="row">topydo — topydo<br /> </td><td>topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attack appear to be exploitable via The victim must open a todo.txt with at least one specially crafted line..</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000523" target="_blank">CVE-2018-1000523</a><br /><a href="https://github.com/bram85/topydo/blob/master/topydo/lib/ListFormat.py#L292" target="_blank">MISC</a><br /><a href="https://github.com/bram85/topydo/issues/240" target="_blank">MISC</a></td></tr><tr><td scope="row">tp-link — tl-wa850re_wi-fi_range_extenders</td><td>TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json.</td><td>2018-06-23</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12694" target="_blank">CVE-2018-12694</a><br /><a href="https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc" target="_blank">MISC</a></td></tr><tr><td scope="row">tp-link — tl-wa850re_wi-fi_range_extenders</td><td>Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json.</td><td>2018-06-23</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12693" target="_blank">CVE-2018-12693</a><br /><a href="https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc" target="_blank">MISC</a></td></tr><tr><td scope="row">tp-link — tl-wa850re_wi-fi_range_extenders<br /> </td><td>TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json.</td><td>2018-06-23</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12692" target="_blank">CVE-2018-12692</a><br /><a href="https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc" target="_blank">MISC</a><br /><a href="https://www.exploit-db.com/exploits/44912/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td scope="row">triplea — triplea<br /> </td><td>Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML).</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000546" target="_blank">CVE-2018-1000546</a><br /><a href="https://0dd.zone/2018/05/31/TripleA-XXE/" target="_blank">MISC</a><br /><a href="https://github.com/triplea-game/triplea/issues/3442" target="_blank">MISC</a></td></tr><tr><td scope="row">trovebox — trovebox</td><td>Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000554" target="_blank">CVE-2018-1000554</a><br /><a href="https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html" target="_blank">MISC</a></td></tr><tr><td scope="row">trovebox — trovebox</td><td>Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000553" target="_blank">CVE-2018-1000553</a><br /><a href="https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html" target="_blank">MISC</a></td></tr><tr><td scope="row">trovebox — trovebox</td><td>Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000552" target="_blank">CVE-2018-1000552</a><br /><a href="https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html" target="_blank">MISC</a></td></tr><tr><td scope="row">trovebox — trovebox<br /> </td><td>Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 742b8edbe.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000551" target="_blank">CVE-2018-1000551</a><br /><a href="https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html" target="_blank">MISC</a></td></tr><tr><td scope="row">umlet — umlet<br /> </td><td>Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted UXF file. This vulnerability appears to have been fixed in 14.3.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000548" target="_blank">CVE-2018-1000548</a><br /><a href="http://0dd.zone/2018/04/23/UMLet-XXE/" target="_blank">MISC</a><br /><a href="https://github.com/umlet/umlet/issues/500" target="_blank">MISC</a></td></tr><tr><td scope="row"><p>ventrian/news-articles — ventrian/news-articles</p></td><td>ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server..</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000515" target="_blank">CVE-2018-1000515</a><br /><a href="https://drive.google.com/drive/folders/1P7djpYX8VQ0oplhOCMFNdKQByCcw2ncU?usp=sharing" target="_blank">MISC</a></td></tr><tr><td scope="row">weblication — cms_core_and_grid<br /> </td><td>An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. The injection point is located in the Project `Title` and the execution point occurs in the `Inhaltsprojekte` output listing section. Remote attackers with privileged user accounts are able to inject their own malicious script code with a persistent attack vector to compromise user session credentials or to manipulate the affected web-application module output context. The request method to inject is POST.</td><td>2018-06-29</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13002" target="_blank">CVE-2018-13002</a><br /><a href="https://www.vulnerability-lab.com/get_content.php?id=2121" target="_blank">MISC</a></td></tr><tr><td scope="row">wekan — wekan<br /> </td><td>Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register’ and ‘Forgot your password?’ pages that can result in A remote attacker could perform a brute force attack to obtain valid usernames and email addresses.. This attack appear to be exploitable via HTTP Request.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000549" target="_blank">CVE-2018-1000549</a><br /><a href="https://shadow-vault.com/wekan.html" target="_blank">MISC</a></td></tr><tr><td scope="row">wine — wine<br /> </td><td>PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by triggering a large pAlphaBlend->cbBitsSrc value.</td><td>2018-06-28</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12932" target="_blank">CVE-2018-12932</a><br /><a href="https://bugs.launchpad.net/ubuntu/+source/wine/+bug/1764719" target="_blank">MISC</a><br /><a href="https://bugs.winehq.org/attachment.cgi?id=61284" target="_blank">MISC</a><br /><a href="https://bugs.winehq.org/show_bug.cgi?id=45105" target="_blank">MISC</a><br /><a href="https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d" target="_blank">MISC</a><br /><a href="https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949" target="_blank">MISC</a></td></tr><tr><td scope="row">wine — wine<br /> </td><td>PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index.</td><td>2018-06-28</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12933" target="_blank">CVE-2018-12933</a><br /><a href="https://bugs.launchpad.net/ubuntu/+source/wine/+bug/1764719" target="_blank">MISC</a><br /><a href="https://bugs.winehq.org/attachment.cgi?id=61285" target="_blank">MISC</a><br /><a href="https://bugs.winehq.org/show_bug.cgi?id=45106" target="_blank">MISC</a><br /><a href="https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d" target="_blank">MISC</a><br /><a href="https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949" target="_blank">MISC</a></td></tr><tr><td scope="row">wordpress — wordpress</td><td>WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of service. This attack appear to be exploitable via Can be triggered intentionally (or unintentionally via CSRF) by any logged in user. This vulnerability appears to have been fixed in 1.24.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000510" target="_blank">CVE-2018-1000510</a><br /><a href="https://advisories.dxw.com/advisories/wp-image-zoom-dos/" target="_blank">MISC</a></td></tr><tr><td scope="row">wordpress — wordpress</td><td>Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000512" target="_blank">CVE-2018-1000512</a><br /><a href="https://advisories.dxw.com/advisories/xss-in-tooltipy/" target="_blank">MISC</a></td></tr><tr><td scope="row">wordpress — wordpress</td><td>Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appear to be exploitable via Logged in user must follow a link. This vulnerability appears to have been fixed in 1.2.9.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000506" target="_blank">CVE-2018-1000506</a><br /><a href="https://advisories.dxw.com/advisories/csrf-metronet-tag-manager/" target="_blank">MISC</a></td></tr><tr><td scope="row">wordpress — wordpress</td><td>Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000505" target="_blank">CVE-2018-1000505</a><br /><a href="https://advisories.dxw.com/advisories/csrf-in-tooltipy/" target="_blank">MISC</a></td></tr><tr><td scope="row">wordpress — wordpress</td><td>Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be exploitable via Attacker must be have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000504" target="_blank">CVE-2018-1000504</a><br /><a href="https://advisories.dxw.com/advisories/ace-file-inclusion-redirection/" target="_blank">MISC</a></td></tr><tr><td scope="row">wordpress — wordpress</td><td>WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen that can result in allows unauthorised users to do almost anything an admin can. This attack appear to be exploitable via Admin must visit logs page. This vulnerability appears to have been fixed in 3.2.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000508" target="_blank">CVE-2018-1000508</a><br /><a href="https://advisories.dxw.com/advisories/stored-xss-wp-ulike/" target="_blank">MISC</a></td></tr><tr><td scope="row">wordpress — wordpress</td><td>WP User Groups version 2.0.0 contains a Cross Site Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appear to be exploitable via Admin must click on link. This vulnerability appears to have been fixed in 2.1.1.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000507" target="_blank">CVE-2018-1000507</a><br /><a href="https://advisories.dxw.com/advisories/csrf-wp-user-groups/" target="_blank">MISC</a></td></tr><tr><td scope="row">wordpress — wordpress</td><td>WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000511" target="_blank">CVE-2018-1000511</a><br /><a href="https://advisories.dxw.com/advisories/wp-ulike-delete-rows/" target="_blank">MISC</a></td></tr><tr><td scope="row">wordpress — wordpress</td><td>Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. This vulnerability appears to have been fixed in 2.8.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000509" target="_blank">CVE-2018-1000509</a><br /><a href="https://advisories.dxw.com/advisories/unserialization-redirection/" target="_blank">MISC</a></td></tr><tr><td scope="row">wordpress — wordpress<br /> </td><td>WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacker must craft an URL with payload and send to the user. Victim need to open the link to be affected by reflected XSS. .</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-1000556" target="_blank">CVE-2018-1000556</a><br /><a href="https://www.pluginvulnerabilities.com/2017/04/28/reflected-cross-site-scripting-xss-vulnerability-in-wp-statistics/" target="_blank">MISC</a></td></tr><tr><td scope="row">wordpress — wordpress<br /> </td><td>WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker’s privileges.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12895" target="_blank">CVE-2018-12895</a><br /><a href="http://www.securityfocus.com/bid/104569" target="_blank">BID</a><br /><a href="https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/" target="_blank">MISC</a></td></tr><tr><td scope="row">wordpress — wordpress<br /> </td><td>The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.</td><td>2018-06-22</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12636" target="_blank">CVE-2018-12636</a><br /><a href="https://wordpress.org/plugins/better-wp-security/#developers" target="_blank">CONFIRM</a><br /><a href="https://www.exploit-db.com/exploits/44943/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td scope="row">wordpress — wordpress<br /> </td><td>Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-0602" target="_blank">CVE-2018-0602</a><br /><a href="http://jvn.jp/en/jp/JVN16471686/index.html" target="_blank">JVN</a><br /><a href="https://wordpress.org/plugins/email-subscribers/#developers" target="_blank">MISC</a></td></tr><tr><td scope="row">wordpress — wordpress<br /> </td><td>Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-0603" target="_blank">CVE-2018-0603</a><br /><a href="http://jvn.jp/en/jp/JVN60978548/index.html" target="_blank">JVN</a><br /><a href="https://wordpress.org/plugins/site-reviews/#developers" target="_blank">MISC</a><br /><a href="https://wpvulndb.com/vulnerabilities/9102" target="_blank">MISC</a></td></tr><tr><td scope="row">wordpress — wordpress<br /> </td><td>In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12902" target="_blank">CVE-2018-12902</a><br /><a href="https://github.com/lzlzh2016/easymagazine/blob/master/xx1.md" target="_blank">MISC</a></td></tr><tr><td scope="row">wstmall — wstmall<br /> </td><td>WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account.</td><td>2018-06-29</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13010" target="_blank">CVE-2018-13010</a><br /><a href="https://github.com/wstmall/wstmall/issues/4" target="_blank">MISC</a></td></tr><tr><td scope="row">yaml/pyyaml — yaml/pyyaml<br /> </td><td>In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.</td><td>2018-06-27</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18342" target="_blank">CVE-2017-18342</a><br /><a href="https://github.com/yaml/pyyaml/blob/master/CHANGES" target="_blank">MISC</a><br /><a href="https://github.com/yaml/pyyaml/pull/74" target="_blank">MISC</a></td></tr><tr><td scope="row">yxcms — yxcms<br /> </td><td>protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter.</td><td>2018-06-29</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-13025" target="_blank">CVE-2018-13025</a><br /><a href="https://github.com/zhaoheng521/yxcms/blob/master/Any%20file%20deletion" target="_blank">MISC</a></td></tr><tr><td scope="row">zenphoto — zenphoto<br /> </td><td>Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information.</td><td>2018-06-26</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-0610" target="_blank">CVE-2018-0610</a><br /><a href="http://jvn.jp/en/jp/JVN33124193/index.html" target="_blank">JVN</a><br /><a href="https://www.zenphoto.org/news/zenphoto-1.5" target="_blank">MISC</a></td></tr><tr><td scope="row">zoho — manageengine</td><td>A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13780) allows remote attackers to inject arbitrary web script or HTML via the parameter ‘method’ to GraphicalView.do.</td><td>2018-06-29</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12996" target="_blank">CVE-2018-12996</a><br /><a href="https://github.com/unh3x/just4cve/issues/7" target="_blank">MISC</a></td></tr><tr><td scope="row">zoho — manageengine</td><td>Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.</td><td>2018-06-29</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12997" target="_blank">CVE-2018-12997</a><br /><a href="https://github.com/unh3x/just4cve/issues/8" target="_blank">MISC</a></td></tr><tr><td scope="row">zoho — manageengine</td><td>A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter ‘operation’ to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.</td><td>2018-06-29</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12998" target="_blank">CVE-2018-12998</a><br /><a href="https://github.com/unh3x/just4cve/issues/10" target="_blank">MISC</a></td></tr><tr><td scope="row">zoho — manageengine<br /> </td><td>Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI.</td><td>2018-06-29</td><td>not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-12999" target="_blank">CVE-2018-12999</a><br /><a href="https://github.com/unh3x/just4cve/issues/9" target="_blank">MISC</a></td></tr></tbody></table><p><a href="https://www.us-cert.gov/#top">Back to top</a></div><hr><p>This product is provided subject to this <a href="http://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="http://www.us-cert.gov/privacy/">Privacy & Use</a> policy.</p><p></p> </span><div class="hatom-extra" style="display:none;visibility:hidden;"><span class="entry-title">SB18-183: Vulnerability Summary for the Week of June 25, 2018</span> was last modified: <span class="updated"> July 2nd, 2018</span> by <span class="author vcard"><span class="fn">Advisory Services</span></span></div></div><div class="entry-utility"> This entry was posted in <a href="https://www.defendedge.com/category/alerts/" rel="category tag">Alerts</a>. Bookmark the <a href="https://www.defendedge.com/alerts/sb18-183/" title="Permalink to SB18-183: Vulnerability Summary for the Week of June 25, 2018" rel="bookmark">permalink</a>.</div></div></div></div></div></div><div id="footer" role="contentinfo"><div id="colophon" role="contentinfo"><div id="footer-widget-area" role="complementary"><div id="first" class="widget-area"><ul class="xoxo"><li id="wplooktwitterfollowbutton-2" class="widget-container widget_wplooktwitterfollowbutton"><div class="container_wplooktwitterfollowbutton"> <a href="http://twitter.com/DefendEdge" class="twitter-follow-button" data-show-count="false" data-size="large" data-show-screen-name="true" data-dnt="false" data-lang="en" >Follow @DefendEdge</a></div></li></ul></div></div><div id="site-info"><div class="footer-logo"><img src="https://www.defendedge.com/wp-content/uploads/2016/09/logo.jpg" class="choma-header-logo" alt="choma" /></div> <b>Defend Edge</b><br /> Phone : 872-302-1220 <br />Copyright ©2018 | <a href="https://www.defendedge.com/privacy-policy/">Privacy Policy</a></div><div id="site-generator"> <br clear="all" /> <span class="web312"><a href="http://www.web312.com" target="blank"></a></span></div></div></div></div> <script type="text/javascript">(function(d,w) { w._hsq = w._hsq || []; w._hsq.push(["setContentType", "blog-post"]); })(document, window);</script> <script type="text/javascript" id="hs-script-loader" async defer src="//js.hs-scripts.com/2597776.js"></script> <script type='text/javascript'>var wpcf7 = {"apiSettings":{"root":"https:\/\/www.defendedge.com\/wp-json\/contact-form-7\/v1","namespace":"contact-form-7\/v1"},"recaptcha":{"messages":{"empty":"Please verify that you are not a robot."}},"cached":"1"};</script> <script type='text/javascript'>var leadin_wordpress = {"userRole":"visitor","pageType":"post","leadinPluginVersion":"6.1.7"};</script> <script type='text/javascript' async defer src='//js.hs-scripts.com/2597776.js?ver=40d3fc2be9df89138069b5e1f900382a'></script> <script type='text/javascript'>var fb_timeout, fb_opts={'overlayShow':true,'hideOnOverlayClick':true,'showCloseButton':true,'margin':20,'centerOnScroll':true,'enableEscapeButton':true,'autoScale':true,'scriptPriority':10 }; if(typeof easy_fancybox_handler==='undefined'){ var easy_fancybox_handler=function(){ jQuery('.nofancybox,a.pin-it-button,a[href*="pinterest.com/pin/create"]').addClass('nolightbox'); /* IMG */ var fb_IMG_select='a[href*=".jpg"]:not(.nolightbox,li.nolightbox>a),area[href*=".jpg"]:not(.nolightbox),a[href*=".jpeg"]:not(.nolightbox,li.nolightbox>a),area[href*=".jpeg"]:not(.nolightbox),a[href*=".png"]:not(.nolightbox,li.nolightbox>a),area[href*=".png"]:not(.nolightbox)'; jQuery(fb_IMG_select).addClass('fancybox image'); var fb_IMG_sections = jQuery('div.gallery'); fb_IMG_sections.each(function(){jQuery(this).find(fb_IMG_select).attr('rel','gallery-'+fb_IMG_sections.index(this));}); jQuery('a.fancybox,area.fancybox,li.fancybox a').each(function(){jQuery(this).fancybox(jQuery.extend({},fb_opts,{'type':'image','transitionIn':'elastic','easingIn':'easeOutBack','transitionOut':'elastic','easingOut':'easeInBack','opacity':false,'hideOnContentClick':false,'titleShow':true,'titlePosition':'over','titleFromAlt':true,'showNavArrows':true,'enableKeyboardNav':true,'cyclic':false}))}); /* Inline */ jQuery('a.fancybox-inline,area.fancybox-inline,li.fancybox-inline a').each(function(){jQuery(this).fancybox(jQuery.extend({},fb_opts,{'type':'inline','autoDimensions':true,'scrolling':'no','easingIn':'easeOutBack','easingOut':'easeInBack','opacity':false,'hideOnContentClick':false,'titleShow':false}))}); /* SWF */ jQuery('a[href*=".swf"],area[href*=".swf"],a[href*=".SWF"],area[href*=".SWF"]').not('.nolightbox,li.nolightbox>a').addClass('fancybox-swf'); jQuery('a.fancybox-swf,area.fancybox-swf,li.fancybox-swf a').each(function(){jQuery(this).fancybox(jQuery.extend({},fb_opts,{'type':'swf','width':680,'height':495,'titleShow':false,'titlePosition':'float','titleFromAlt':true,'swf':{'wmode':'opaque','allowfullscreen':true}}))}); /* SVG */ jQuery('a[href*=".svg"],area[href*=".svg"],a[href*=".SVG"],area[href*=".SVG"]').not('.nolightbox,li.nolightbox>a').addClass('fancybox-svg'); jQuery('a.fancybox-svg,area.fancybox-svg,li.fancybox-svg a').each(function(){jQuery(this).fancybox(jQuery.extend({},fb_opts,{'type':'svg','width':680,'height':495,'titleShow':false,'titlePosition':'float','titleFromAlt':true,'svg':{'wmode':'opaque','allowfullscreen':true}}))}); /* YouTube */ jQuery('a[href*="youtu.be/"],area[href*="youtu.be/"],a[href*="youtube.com/watch"],area[href*="youtube.com/watch"]').not('.nolightbox,li.nolightbox>a').addClass('fancybox-youtube'); jQuery('a.fancybox-youtube,area.fancybox-youtube,li.fancybox-youtube a').each(function(){jQuery(this).fancybox(jQuery.extend({},fb_opts,{'type':'iframe','width':640,'height':360,'padding':0,'keepRatio':1,'titleShow':false,'titlePosition':'float','titleFromAlt':true,'onStart':function(a,i,o){o.href=a[i].href.replace(/https?:\/\/youtu\.be/gi,"https://www.youtube.com/embed").replace(/https?:\/\/(?:www\.)?youtube\.com\/watch\?(.*)v=([a-z0-9\_\-]+)(?:&|&|\?)?(.*)/gi,"https://www.youtube.com/embed/$2?$1$3");var splitOn=o.href.indexOf("?");var urlParms=(splitOn>-1)?o.href.substring(splitOn):"";o.allowfullscreen=(urlParms.indexOf("fs=0")>-1)?false:true}}))}); /* Vimeo */ jQuery('a[href*="vimeo.com/"],area[href*="vimeo.com/"]').not('.nolightbox,li.nolightbox>a').addClass('fancybox-vimeo'); jQuery('a.fancybox-vimeo,area.fancybox-vimeo,li.fancybox-vimeo a').each(function(){jQuery(this).fancybox(jQuery.extend({},fb_opts,{'type':'iframe','width':500,'height':281,'padding':0,'keepRatio':1,'titleShow':false,'titlePosition':'float','titleFromAlt':true,'onStart':function(a,i,o){o.href=a[i].href.replace(/https?:\/\/(?:www\.)?vimeo\.com\/([0-9]+)(?:&|&|\?)?(.*)/gi,"https://player.vimeo.com/video/$1?$2");var splitOn=o.href.indexOf("?");var urlParms=(splitOn>-1)?o.href.substring(splitOn):"";o.allowfullscreen=(urlParms.indexOf("fullscreen=0")>-1)?false:true}}))}); /* Dailymotion */ jQuery('a[href*="dailymotion.com/"],area[href*="dailymotion.com/"]').not('.nolightbox,li.nolightbox>a').addClass('fancybox-dailymotion'); jQuery('a.fancybox-dailymotion,area.fancybox-dailymotion,li.fancybox-dailymotion a').each(function(){jQuery(this).fancybox(jQuery.extend({},fb_opts,{'type':'iframe','width':560,'height':315,'padding':0,'keepRatio':1,'titleShow':false,'titlePosition':'float','titleFromAlt':true,'onStart':function(a,i,o){o.href=a[i].href.replace(/^https?:\/\/(?:www\.)dailymotion.com\/video\/(.*)/gi,"https://www.dailymotion.com/embed/video/$1");var splitOn=o.href.indexOf("?");var urlParms=(splitOn>-1)?o.href.substring(splitOn):"";o.allowfullscreen=(urlParms.indexOf("fullscreen=0")>-1)?false:true}}))}); /* iFrame */ jQuery('a.fancybox-iframe,area.fancybox-iframe,li.fancybox-iframe a').each(function(){jQuery(this).fancybox(jQuery.extend({},fb_opts,{'type':'iframe','width':'70%','height':'90%','titleShow':false,'titlePosition':'float','titleFromAlt':true,'allowfullscreen':false}))});}; jQuery('a.fancybox-close').on('click',function(e){e.preventDefault();jQuery.fancybox.close()}); }; var easy_fancybox_auto=function(){setTimeout(function(){jQuery('#fancybox-auto').trigger('click')},1000);}; jQuery(easy_fancybox_handler);jQuery(document).on('post-load',easy_fancybox_handler); jQuery(easy_fancybox_auto);</script> <script>!function(e,t,n,s,u,a){e.twq||(s=e.twq=function(){s.exe?s.exe.apply(s,arguments):s.queue.push(arguments); },s.version='1.1',s.queue=[],u=t.createElement(n),u.async=!0,u.src='//static.ads-twitter.com/uwt.js', a=t.getElementsByTagName(n)[0],a.parentNode.insertBefore(u,a))}(window,document,'script'); // Insert Twitter Pixel ID and Standard Event data below twq('init','nvnui'); twq('track','PageView');</script> <script type="text/javascript" defer src="https://www.defendedge.com/wp-content/cache/autoptimize/js/autoptimize_805509ede9af1b941d36ef2a7bef76fd.js"></script></body></html> <!-- Performance optimized by W3 Total Cache. Learn more: https://www.w3-edge.com/products/ Page Caching using disk: enhanced (SSL caching disabled) Served from: www.defendedge.com @ 2018-11-19 14:56:38 by W3 Total Cache -->