NVD

CVE-2018-18704

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter.
Categories: NVD

CVE-2018-18705

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php.
Categories: NVD

CVE-2018-18706

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromDhcpListClient" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.
Categories: NVD

CVE-2018-18707

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.
Categories: NVD

CVE-2018-18708

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromAddressNat" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.
Categories: NVD

CVE-2018-18709

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.
Categories: NVD

CVE-2018-18710

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.
Categories: NVD

CVE-2018-18711

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info.
Categories: NVD

CVE-2018-18694

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases.
Categories: NVD

CVE-2018-18699

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
An issue was discovered in GoPro gpmf-parser 1.2.1. There is an out-of-bounds write in OpenMP4Source in GPMF_mp4reader.c.
Categories: NVD

CVE-2018-18700

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.
Categories: NVD

CVE-2018-18701

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.
Categories: NVD

CVE-2018-18702

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
Categories: NVD

CVE-2016-10732

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.
Categories: NVD

CVE-2016-10733

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.
Categories: NVD

CVE-2016-10734

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.
Categories: NVD

CVE-2016-10731

NVD Vulnerabilities - Mon, 10/29/2018 - 08:29
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action.
Categories: NVD