CVE-2018-7665
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.
Source: CVE-2018-7665
CVE-2018-7663
An issue was discovered in resources/views/layouts/app.blade.php in Voten.co before 2017-08-25. An unescaped template literal in the bio field of a user profile (/views/layouts/app.blade.php) allows for server-side template injection of arbitrary JavaScript that is executed upon viewing the attacker’s profile.
Source: CVE-2018-7663
CVE-2018-7662
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.
Source: CVE-2018-7662
CVE-2018-7661
Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257.
Source: CVE-2018-7661
CVE-2017-18214
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
Source: CVE-2017-18214
CVE-2018-7560
index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string.
Source: CVE-2018-7560
CVE-2018-7567
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation.
Source: CVE-2018-7567
CVE-2017-18213
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
Source: CVE-2017-18213
CVE-2018-7654
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
Source: CVE-2018-7654