Security Vulnerabilities - CVEs Published In 2018
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-11-20
Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS.
CVSS Score
6.1
EPSS Score
0.012
Published
2018-11-20
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.
CVSS Score
6.1
EPSS Score
0.012
Published
2018-11-20
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-11-20
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-11-20
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.
CVSS Score
6.1
EPSS Score
0.039
Published
2018-11-20
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "openvpncmd" parameter as a shell command.
CVSS Score
7.8
EPSS Score
0.011
Published
2018-11-20
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "command_line" parameter as a shell command.
CVSS Score
7.8
EPSS Score
0.005
Published
2018-11-20
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "tun_path" or "tap_path" pathname within a shell command.
CVSS Score
7.8
EPSS Score
0.005
Published
2018-11-20
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the value of the "tun_path" or "tap_path" pathname in a kextload() call.
CVSS Score
7.8
EPSS Score
0.005
Published
2018-11-20