National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-14948

Sun, 08/05/2018 - 14:29
An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete).
Categories: Security News

CVE-2018-14950

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.

CVE-2018-14951

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.

CVE-2018-14952

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.

CVE-2018-14953

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.

CVE-2018-14954

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.

CVE-2018-14955

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).

CVE-2018-14938

Sat, 08/04/2018 - 23:29
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).

CVE-2018-14936

Sat, 08/04/2018 - 21:29
The Add page option in my little forum 2.4.12 allows XSS via the Title field.

CVE-2018-14937

Sat, 08/04/2018 - 21:29
The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field.

CVE-2018-14933

Sat, 08/04/2018 - 15:29
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.

CVE-2018-14417

Fri, 08/03/2018 - 21:29
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.

CVE-2018-14473

Fri, 08/03/2018 - 21:29
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.

CVE-2018-14497

Fri, 08/03/2018 - 21:29
Tenda D152 ADSL routers allow XSS via a crafted SSID.

CVE-2018-14541

Fri, 08/03/2018 - 21:29
PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.

CVE-2018-14593

Fri, 08/03/2018 - 21:29
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL.

CVE-2018-12482

Fri, 08/03/2018 - 21:29
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.

CVE-2018-12483

Fri, 08/03/2018 - 21:29
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability.

CVE-2018-14924

Fri, 08/03/2018 - 17:29
Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field.

CVE-2018-14925

Fri, 08/03/2018 - 17:29
Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components.
