Security Vulnerabilities - CVEs Published In October 2018
Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information of the mobile phone.
CVSS Score: 2.4, EPSS Score: 0.0, Published: 2018-10-17
Huawei Mate 10 Pro smartphones with versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones; an attacker could directly change the lock password after a series of operations. Successful exploitation could allow the attacker to use an application that is locked.
CVSS Score: 4.6, EPSS Score: 0.0, Published: 2018-10-17
vBulletin 5.4.3 has an Open Redirect.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2018-10-17
An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.
CVSS Score: 8.8, EPSS Score: 0.385, Published: 2018-10-17
Aryanic HighPortal 12.5 has XSS via an Add Tags action.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2018-10-17
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.
CVSS Score: 6.1, EPSS Score: 0.012, Published: 2018-10-17
A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2018-10-17
In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action.
CVSS Score: 5.4, EPSS Score: 0.001, Published: 2018-10-17
Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.
CVSS Score: 7.5, EPSS Score: 0.862, Published: 2018-10-17
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting a shell command into the Sip parameter of the chkisg.htm page. This allows for full control over the device internals.
CVSS Score: 8.8, EPSS Score: 0.937, Published: 2018-10-17

