Security Vulnerabilities - CVEs Published In August 2018
Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-08-27
A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-08-27
A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-08-27
An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-08-27
An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-08-27
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request.
CVSS Score
9.8
EPSS Score
0.04
Published
2018-08-26
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-08-26
Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the product uses a compression technique to prevent the identification of certain libraries in the software by obfuscation. The software relies on a TLS callback and an additional executable file to enable these libraries and their access to certain websites. The unpacked software can be exploited by several different types of documented techniques.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-08-26
An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly.
CVSS Score
9.8
EPSS Score
0.011
Published
2018-08-26
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
CVSS Score
4.3
EPSS Score
0.002
Published
2018-08-26