Security Vulnerabilities - CVEs Published In October 2018
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.
CVSS Score
7.8
EPSS Score
0.006
Published
2018-10-01
SIMDComp before 0.1.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-10-01
An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-10-01
HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif, .jpeg, and .ico).
CVSS Score
8.8
EPSS Score
0.002
Published
2018-10-01
HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php.
CVSS Score
7.2
EPSS Score
0.009
Published
2018-10-01
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-10-01
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key.
CVSS Score
7.5
EPSS Score
0.001
Published
2018-10-01
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-10-01

