Security Vulnerabilities - CVEs Published In August 2018
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.
CVSS Score: 5.4
EPSS Score: 0.0
Published: 2018-08-24
The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2018-08-24
The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2018-08-24
The National Payments Corporation of India BHIM application 1.3 for Android uses a custom keypad for which the input element is available to the Accessibility service, which makes it easier for attackers to bypass authentication.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2018-08-24
The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2018-08-24
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2018-08-24
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password.
CVSS Score: 9.8
EPSS Score: 0.024
Published: 2018-08-24
Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device.
CVSS Score: 7.5
EPSS Score: 0.009
Published: 2018-08-24
An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.
CVSS Score: 8.1
EPSS Score: 0.017
Published: 2018-08-24
A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument.
CVSS Score: 9.8
EPSS Score: 0.105
Published: 2018-08-24

