The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API.
NVD-CWE-noinfo
CVE-2018-1883
A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969.
CVE-2018-18766
An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905.
CVE-2018-18748
** DISPUTED ** Sandboxie 5.26 allows a Sandbox Escape via an “import os” statement, followed by os.system(“cmd”) or os.system(“powershell”), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product’s intended functionality.
CVE-2018-18649
An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.
CVE-2018-18652
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.