National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 21 hours 14 min ago

CVE-2018-19220

Mon, 11/12/2018 - 15:29
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI.
Categories: Security News

CVE-2018-19221

Mon, 11/12/2018 - 15:29
An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.
Categories: Security News

CVE-2018-19222

Mon, 11/12/2018 - 15:29
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.
Categories: Security News

CVE-2018-19223

Mon, 11/12/2018 - 15:29
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.
Categories: Security News

CVE-2018-19224

Mon, 11/12/2018 - 15:29
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.
Categories: Security News

CVE-2018-19225

Mon, 11/12/2018 - 15:29
An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF.
Categories: Security News

CVE-2018-19226

Mon, 11/12/2018 - 15:29
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI.
Categories: Security News

CVE-2018-19227

Mon, 11/12/2018 - 15:29
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter.
Categories: Security News

CVE-2018-19228

Mon, 11/12/2018 - 15:29
An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation.
Categories: Security News

CVE-2018-19229

Mon, 11/12/2018 - 15:29
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter.
Categories: Security News

CVE-2018-19208

Mon, 11/12/2018 - 14:29
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.
Categories: Security News

CVE-2018-19209

Mon, 11/12/2018 - 14:29
Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.
Categories: Security News

CVE-2018-19210

Mon, 11/12/2018 - 14:29
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
Categories: Security News

CVE-2018-19211

Mon, 11/12/2018 - 14:29
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack.
Categories: Security News

CVE-2018-19212

Mon, 11/12/2018 - 14:29
In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack.
Categories: Security News

CVE-2018-19213

Mon, 11/12/2018 - 14:29
Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.
Categories: Security News

CVE-2018-19214

Mon, 11/12/2018 - 14:29
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
Categories: Security News

CVE-2018-19215

Mon, 11/12/2018 - 14:29
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.
Categories: Security News

CVE-2018-19216

Mon, 11/12/2018 - 14:29
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
Categories: Security News

CVE-2018-19217

Mon, 11/12/2018 - 14:29
In ncurses 6.1, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack.
Categories: Security News

Pages