Security Vulnerabilities - CVEs Published In August 2018
PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php.
CVSS Score: 8.0 | EPSS Score: 0.001 | Published: 2018-08-10
PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2018-08-10
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
CVSS Score: 7.1 | EPSS Score: 0.005 | Published: 2018-08-09
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-08-09
Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-08-09
Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service (segmentation fault) and execute arbitrary code via a crafted non-conformant Thor bitstream.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2018-08-09
A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.
CVSS Score: 8.5 | EPSS Score: 0.016 | Published: 2018-08-09
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler and upload files to an arbitrary location in the context of the daemon.
CVSS Score: 9.8 | EPSS Score: 0.678 | Published: 2018-08-09
An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-08-09
PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 has Stored XSS via the Full Name and Title fields.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-08-09

