National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-15888

Sun, 08/26/2018 - 17:29
An issue was discovered in ASPCMS 2.5.6. When an ordinary user registers through the addUser function of the /member/reg.asp page, the account can be registered directly with the super administrator's GroupID.
Categories: Security News

CVE-2018-15889

Sun, 08/26/2018 - 17:29
In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() in base/PdfParser.cpp can cause the program to be aborted, because PoDoFo::PdfVecObjects::Reserve() in base/PdfVecObjects.h can be called with a large size value. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted PDF file.

CVE-2018-15833

Sun, 08/26/2018 - 13:29
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).

CVE-2011-2767

Sun, 08/26/2018 - 12:29
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.

CVE-2018-15876

Sun, 08/26/2018 - 03:29
An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation.

CVE-2018-15877

Sun, 08/26/2018 - 03:29
The Plainview Activity Monitor plugin 4.7.11 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.

CVE-2018-15858

Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.

CVE-2018-15859

Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.

CVE-2018-15861

Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.

CVE-2018-15862

Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.

CVE-2018-15863

Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.

CVE-2018-15864

Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.

CVE-2018-15849

Sat, 08/25/2018 - 17:29
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php.

CVE-2018-15850

Sat, 08/25/2018 - 17:29
An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user.

CVE-2018-15851

Sat, 08/25/2018 - 17:29
An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add.

CVE-2018-15852

Sat, 08/25/2018 - 17:29
Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof.

CVE-2018-15853

Sat, 08/25/2018 - 17:29
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.

CVE-2018-15854

Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.

CVE-2018-15855

Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.

CVE-2018-15856

Sat, 08/25/2018 - 17:29
An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.