CVE-2018-11536

md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits.

Source: CVE-2018-11536

CVE-2018-11488

A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request.

Source: CVE-2018-11488

CVE-2018-11527

An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator’s username and password via /admin.php/sys/editpass_save.

Source: CVE-2018-11527

CVE-2018-11523

upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.

Source: CVE-2018-11523

CVE-2018-11531

Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.

Source: CVE-2018-11531

CVE-2018-11528

WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.

Source: CVE-2018-11528

CVE-2018-11535

An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection.

Source: CVE-2018-11535

CVE-2018-11532

An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field.

Source: CVE-2018-11532

CVE-2018-10732

The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.

Source: CVE-2018-10732

CVE-2018-11517

mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.

Source: CVE-2018-11517