CVE-2018-16618

VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of random characters followed by the name of an Android activity to start. Activities are started by inserting their name into a string that is executed in a shell command. By inserting metacharacters this can be exploited to run arbitrary commands as root. The requests also match those of the HTTP protocol and can be triggered on any web page rendered on the device by requesting resources stored at an http://127.0.0.1:1668/ URI, as demonstrated by the http://127.0.0.1:1668/dacdb70556479813fab2d92896596eef?’;{ping,example.org}’ URL.

Source: CVE-2018-16618

CVE-2018-17842

SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter.

Source: CVE-2018-17842

CVE-2019-11232

EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sending an EMP_NO element to the kws_login/asp/query_user.asp URI, and then reading the PWD element.

Source: CVE-2019-11232

CVE-2019-11649

Cross-site scripting in Micro Focus Fortify software security center server, version 18.1, 18.2. The vulnerability may allow remote code execution.

Source: CVE-2019-11649

CVE-2019-11233

EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGIN_ID element to the auth/main/asp/check_user_login_info.aspx URI, and then reading the response, as demonstrated by the KW_EMAIL or KW_TEL field.

Source: CVE-2019-11233

CVE-2018-17398

SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter.

Source: CVE-2018-17398

CVE-2018-15506

In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running BubbleUPnP, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack the cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.

Source: CVE-2018-15506

CVE-2018-17393

SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.

Source: CVE-2018-17393

CVE-2018-17841

SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter.

Source: CVE-2018-17841

CVE-2018-17389

CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account.

Source: CVE-2018-17389