NVD Vulnerabilities

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-12671

Fri, 10/19/2018 - 18:29
An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. This information can then be used to gain access to the web interface.
Categories: NVD

CVE-2018-12672

Fri, 10/19/2018 - 18:29
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator.

CVE-2018-12673

Fri, 10/19/2018 - 18:29
An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network information.

CVE-2018-18380

Fri, 10/19/2018 - 16:29
A Session Fixation issue was discovered in Bigtree. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session.

CVE-2018-18529

Fri, 10/19/2018 - 16:29
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI.

CVE-2018-18530

Fri, 10/19/2018 - 16:29
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.

CVE-2018-18531

Fri, 10/19/2018 - 16:29
text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach.

CVE-2018-18527

Fri, 10/19/2018 - 15:29
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.

CVE-2018-18520

Fri, 10/19/2018 - 13:29
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.

CVE-2018-18521

Fri, 10/19/2018 - 13:29
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.

CVE-2018-18390

Fri, 10/19/2018 - 10:29
User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

CVE-2018-18391

Fri, 10/19/2018 - 10:29
User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

CVE-2018-18392

Fri, 10/19/2018 - 10:29
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

CVE-2018-18393

Fri, 10/19/2018 - 10:29
Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

CVE-2018-18394

Fri, 10/19/2018 - 10:29
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

CVE-2018-18395

Fri, 10/19/2018 - 10:29
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

CVE-2018-18396

Fri, 10/19/2018 - 10:29
Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

CVE-2018-15312

Fri, 10/19/2018 - 09:29
On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user.

CVE-2018-15313

Fri, 10/19/2018 - 09:29
On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross-Site Scripting vulnerability in an undisclosed TMUI page.

CVE-2018-15314

Fri, 10/19/2018 - 09:29
On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross-Site Scripting vulnerability in an undisclosed TMUI page.