NVD

CVE-2018-11726

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
Categories: NVD

CVE-2018-11727

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.

CVE-2018-11728

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.

CVE-2018-11729

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.

CVE-2018-11730

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file.

CVE-2018-11731

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.

CVE-2018-12096

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file.

CVE-2018-12097

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file.

CVE-2018-12098

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file.

CVE-2018-12293

NVD Vulnerabilities - Tue, 06/19/2018 - 17:29
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.

CVE-2015-4043

NVD Vulnerabilities - Tue, 06/19/2018 - 15:29
SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx.

CVE-2018-11525

NVD Vulnerabilities - Tue, 06/19/2018 - 15:29
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.

CVE-2018-11526

NVD Vulnerabilities - Tue, 06/19/2018 - 15:29
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.

CVE-2018-11537

NVD Vulnerabilities - Tue, 06/19/2018 - 15:29
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.

CVE-2018-6210

NVD Vulnerabilities - Tue, 06/19/2018 - 15:29
D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session.

CVE-2018-8727

NVD Vulnerabilities - Tue, 06/19/2018 - 15:29
Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver.

CVE-2018-12582

NVD Vulnerabilities - Tue, 06/19/2018 - 14:29
An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI.

CVE-2018-12583

NVD Vulnerabilities - Tue, 06/19/2018 - 14:29
An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php.

CVE-2018-12580

NVD Vulnerabilities - Tue, 06/19/2018 - 12:29
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature.

CVE-2018-12578

NVD Vulnerabilities - Tue, 06/19/2018 - 11:29
There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.