CRITICAL
CVE-2018-1161 (CVSS 9.8) — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ...
NVD CVE-2018-1161 3053d ago
CRITICAL
CVE-2018-0514 (CVSS 9.8) — MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitra...
NVD CVE-2018-0514 3053d ago
CRITICAL
CVE-2018-6836 (CVSS 9.8) — The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a fre...
NVD CVE-2018-6836 3053d ago
CRITICAL
CVE-2018-6835 (CVSS 9.8) — node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote ...
NVD CVE-2018-6835 3053d ago
CRITICAL
CVE-2018-6823 (CVSS 9.8) — In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool L...
NVD CVE-2018-6823 3054d ago
CRITICAL
CVE-2018-6822 (CVSS 9.8) — In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be...
NVD CVE-2018-6822 3054d ago
CRITICAL
CVE-2018-4877 (CVSS 9.8) — A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerab...
NVD CVE-2018-4877 3054d ago
CRITICAL
CVE-2018-6758 (CVSS 9.8) — The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffe...
NVD CVE-2018-6758 3055d ago
CRITICAL
CVE-2018-6289 (CVSS 9.8) — Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway vers...
NVD CVE-2018-6289 3055d ago
CRITICAL
CVE-2018-6609 (CVSS 9.8) — SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ...
NVD CVE-2018-6609 3055d ago
CRITICAL
CVE-2018-6605 (CVSS 9.8) — SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getP...
NVD CVE-2018-6605 3055d ago
CRITICAL
CVE-2018-6604 (CVSS 9.8) — SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a tas...
NVD CVE-2018-6604 3055d ago
CRITICAL
CVE-2018-6582 (CVSS 9.8) — SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a get...
NVD CVE-2018-6582 3055d ago
CRITICAL
CVE-2018-6624 (CVSS 9.8) — OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct reques...
NVD CVE-2018-6624 3056d ago
CRITICAL
CVE-2018-5442 (CVSS 9.8) — A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. ...
NVD CVE-2018-5442 3056d ago
CRITICAL
CVE-2018-6596 (CVSS 9.1) — webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerabil...
NVD CVE-2018-6596 3057d ago
CRITICAL
CVE-2018-6317 (CVSS 9.1) — The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthen...
NVD CVE-2018-6317 3058d ago
CRITICAL
CVE-2018-6581 (CVSS 9.8) — SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, art...
NVD CVE-2018-6581 3059d ago
CRITICAL
CVE-2018-6580 (CVSS 9.8) — Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&...
NVD CVE-2018-6580 3059d ago
CRITICAL
CVE-2018-6579 (CVSS 9.8) — SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&ui...
NVD CVE-2018-6579 3059d ago
CRITICAL
CVE-2018-6578 (CVSS 9.8) — SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in...
NVD CVE-2018-6578 3059d ago
CRITICAL
CVE-2018-6577 (CVSS 9.8) — SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter ...
NVD CVE-2018-6577 3059d ago
CRITICAL
CVE-2018-6576 (CVSS 9.8) — SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parame...
NVD CVE-2018-6576 3059d ago
CRITICAL
CVE-2018-6575 (CVSS 9.8) — SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= re...
NVD CVE-2018-6575 3059d ago
CRITICAL
CVE-2018-6551 (CVSS 9.8) — The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on po...
NVD CVE-2018-6551 3059d ago
CRITICAL
CVE-2018-6548 (CVSS 9.8) — A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initia...
NVD CVE-2018-6548 3059d ago
CRITICAL
CVE-2018-6537 (CVSS 9.8) — A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 a...
NVD CVE-2018-6537 3059d ago
CRITICAL
CVE-2018-6521 (CVSS 9.8) — The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates ...
NVD CVE-2018-6521 3059d ago
CRITICAL
CVE-2018-6485 (CVSS 9.8) — An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C L...
NVD CVE-2018-6485 3060d ago
CRITICAL
CVE-2018-0510 (CVSS 9.8) — Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlier allows remote attackers to p...
NVD CVE-2018-0510 3060d ago
CRITICAL
CVE-2018-6476 (CVSS 9.8) — In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation...
NVD CVE-2018-6476 3060d ago
CRITICAL
CVE-2018-5701 (CVSS 9.8) — In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbit...
NVD CVE-2018-5701 3061d ago
CRITICAL
CVE-2018-6376 (CVSS 9.8) — In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL in...
NVD CVE-2018-6376 3062d ago
CRITICAL
CVE-2018-6398 (CVSS 9.8) — SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a ...
NVD CVE-2018-6398 3062d ago
CRITICAL
CVE-2018-6395 (CVSS 9.8) — SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a vi...
NVD CVE-2018-6395 3062d ago
CRITICAL
CVE-2018-6387 (CVSS 9.8) — iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the ad...
NVD CVE-2018-6387 3063d ago
CRITICAL
CVE-2018-6367 (CVSS 9.8) — SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.p...
NVD CVE-2018-6367 3063d ago
CRITICAL
CVE-2018-6365 (CVSS 9.8) — SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_...
NVD CVE-2018-6365 3063d ago
CRITICAL
CVE-2018-6364 (CVSS 9.8) — SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php s...
NVD CVE-2018-6364 3063d ago
CRITICAL
CVE-2018-6363 (CVSS 9.8) — SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.
NVD CVE-2018-6363 3063d ago
CRITICAL
CVE-2018-0506 (CVSS 9.8) — Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified ve...
NVD CVE-2018-0506 3066d ago
CRITICAL
CVE-2018-1342 (CVSS 9.8) — A vulnerability exists on Admin Console where an attacker can upload files to the Admin Console serv...
NVD CVE-2018-1342 3066d ago
CRITICAL
CVE-2018-5447 (CVSS 9.8) — An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validati...
NVD CVE-2018-5447 3066d ago
CRITICAL
CVE-2018-5997 (CVSS 9.8) — An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upl...
NVD CVE-2018-5997 3067d ago
CRITICAL
CVE-2018-5973 (CVSS 9.8) — SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php In...
NVD CVE-2018-5973 3067d ago
CRITICAL
CVE-2018-6308 (CVSS 9.8) — Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter...
NVD CVE-2018-6308 3067d ago
CRITICAL
CVE-2018-1000007 (CVSS 9.8) — libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked ...
NVD CVE-2018-1000007 3067d ago
CRITICAL
CVE-2018-1000005 (CVSS 9.1) — libcurl 7.49.0 to and including 7.57.0 contains an out-of-bounds read in code handling HTTP/2 trailers....
NVD CVE-2018-1000005 3067d ago
CRITICAL
CVE-2018-6018 (CVSS 9.1) — Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract...
NVD CVE-2018-6018 3068d ago
CRITICAL
CVE-2018-6017 (CVSS 9.1) — Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to ex...
NVD CVE-2018-6017 3068d ago
TL;DR
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart request, the process does not properly validate the length of user-supplied data prior to copying it to a sta…
CVE-2018-1161