CVE-2018-9026
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.
Source: CVE-2018-9026
CVE-2018-9029
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
Source: CVE-2018-9029
CVE-2018-9028
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.
Source: CVE-2018-9028
CVE-2018-9027
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.
Source: CVE-2018-9027
CVE-2018-12534
A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress.
Source: CVE-2018-12534
CVE-2018-1152
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
Source: CVE-2018-1152
CVE-2018-12530
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
Source: CVE-2018-12530
CVE-2018-1060
Python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib’s apop() method. An attacker could use this flaw to cause denial of service.
Source: CVE-2018-1060
CVE-2018-12531
An issue was discovered in MetInfo 6.0.0. installindex.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
Source: CVE-2018-12531
CVE-2018-1153
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic.
Source: CVE-2018-1153