National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 4 min 16 sec ago

CVE-2018-16392

Mon, 09/03/2018 - 10:29
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-16393

Mon, 09/03/2018 - 10:29
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-16382

Sun, 09/02/2018 - 22:29
Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.
Categories: Security News

CVE-2018-16384

Sun, 09/02/2018 - 22:29
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.
Categories: Security News

CVE-2018-16385

Sun, 09/02/2018 - 22:29
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string.
Categories: Security News

CVE-2018-16387

Sun, 09/02/2018 - 22:29
An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add.
Categories: Security News

CVE-2018-16375

Sun, 09/02/2018 - 20:29
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
Categories: Security News

CVE-2018-16376

Sun, 09/02/2018 - 20:29
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
Categories: Security News

CVE-2018-16379

Sun, 09/02/2018 - 20:29
Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen.
Categories: Security News

CVE-2018-16380

Sun, 09/02/2018 - 20:29
An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account.
Categories: Security News

CVE-2018-16368

Sun, 09/02/2018 - 20:29
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
Categories: Security News

CVE-2018-16369

Sun, 09/02/2018 - 20:29
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml.
Categories: Security News

CVE-2018-16370

Sun, 09/02/2018 - 20:29
In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive.
Categories: Security News

CVE-2018-16371

Sun, 09/02/2018 - 20:29
PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=.
Categories: Security News

CVE-2018-16372

Sun, 09/02/2018 - 20:29
The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued.
Categories: Security News

CVE-2018-16373

Sun, 09/02/2018 - 20:29
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.
Categories: Security News

CVE-2018-16374

Sun, 09/02/2018 - 20:29
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings.
Categories: Security News

CVE-2018-16366

Sun, 09/02/2018 - 18:29
An issue discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.
Categories: Security News

CVE-2018-16367

Sun, 09/02/2018 - 18:29
In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include.
Categories: Security News

CVE-2018-16352

Sun, 09/02/2018 - 18:29
There is a PHP code upload vulnerablity in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used.
Categories: Security News

Pages