National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-1453

Fri, 06/08/2018 - 09:29
IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055.
Categories: Security News

CVE-2018-10088

Fri, 06/08/2018 - 08:29
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.

CVE-2018-11409

Fri, 06/08/2018 - 08:29
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.

CVE-2018-12064

Fri, 06/08/2018 - 08:29
tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.

CVE-2018-12065

Fri, 06/08/2018 - 08:29
A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing a helper.json file.

CVE-2018-12055

Fri, 06/08/2018 - 07:29
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.

CVE-2018-12051

Fri, 06/08/2018 - 07:29
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type.

CVE-2018-12052

Fri, 06/08/2018 - 07:29
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.

CVE-2018-12053

Fri, 06/08/2018 - 07:29
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.

CVE-2018-12054

Fri, 06/08/2018 - 07:29
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.

CVE-2018-9177

Thu, 06/07/2018 - 21:29
Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen.

CVE-2018-9182

Thu, 06/07/2018 - 21:29
Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section.

CVE-2018-9246

Thu, 06/07/2018 - 21:29
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.

CVE-2018-12041

Thu, 06/07/2018 - 21:29
An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially constructed 802.11 frames.

CVE-2018-12045

Thu, 06/07/2018 - 21:29
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.

CVE-2018-12046

Thu, 06/07/2018 - 21:29
DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.

CVE-2018-12047

Thu, 06/07/2018 - 21:29
xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12.

CVE-2018-12048

Thu, 06/07/2018 - 21:29
A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device.

CVE-2018-12049

Thu, 06/07/2018 - 21:29
A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device.

CVE-2018-11228

Thu, 06/07/2018 - 21:29
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).
