Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-02 CVE-2018-16338 Cross-Site Request Forgery (CSRF) vulnerability in Auracms 2.3
An issue was discovered in AuraCMS 2.3.
network
low complexity
auracms CWE-352
8.8
8.8
2018-09-02 CVE-2018-16335 Out-of-bounds Write vulnerability in multiple products
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
network
low complexity
libtiff debian CWE-787
8.8
8.8
2018-09-02 CVE-2018-16334 OS Command Injection vulnerability in Tendacn Ac10 Firmware and AC9 Firmware
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices.
network
low complexity
tendacn CWE-78
8.8
8.8
2018-09-02 CVE-2018-16333 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tendacn products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.
network
low complexity
tendacn CWE-119
7.5
7.5
2018-09-02 CVE-2018-16332 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.9
An issue was discovered in iCMS 7.0.9.
network
low complexity
idreamsoft CWE-352
8.8
8.8
2018-09-02 CVE-2018-16331 Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password.
network
low complexity
damicms CWE-352
8.8
8.8
2018-09-01 CVE-2018-16320 Path Traversal vulnerability in Idreamsoft Icms 7.0.11
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file.
network
low complexity
idreamsoft CWE-22
7.2
7.2
2018-09-01 CVE-2018-16314 Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.11
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11.
network
low complexity
icmsdev CWE-352
8.8
8.8
2018-09-01 CVE-2018-16308 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
local
low complexity
ninjaforms CWE-1236
8.6
8.6
2018-09-01 CVE-2018-16303 XXE vulnerability in Pdf-Xchange Editor
PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564.
network
low complexity
pdf-xchange CWE-611
7.5
7.5