Security Vulnerabilities - CVEs Published In 2018
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
CVSS Score
3.8
EPSS Score
0.002
Published
2018-11-21
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
CVSS Score
3.8
EPSS Score
0.002
Published
2018-11-21
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
CVSS Score
7.2
EPSS Score
0.843
Published
2018-11-21
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
CVSS Score
7.2
EPSS Score
0.266
Published
2018-11-21
ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files.
CVSS Score
7.2
EPSS Score
0.007
Published
2018-11-21
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-11-21
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible.
CVSS Score
10.0
EPSS Score
0.062
Published
2018-11-21
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVSS Score
9.8
EPSS Score
0.114
Published
2018-11-21
CVE-2018-19410
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).
Known exploited
CVSS Score
9.8
EPSS Score
0.931
Published
2018-11-21
PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-11-21