Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-5282

EPSS 0.98% · P77

Public Exploits 1

ExploitDB · 1 EDB-43547 [dos]
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-5282

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Kentico Load XML Configuration模块缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Kentico是美国Kentico软件公司的一套基于ASP.NET的内容管理系统(CMS)。该系统主要由两大工具组成:Kentico CMS Desk是用于编辑网页中的内容;Kentico CMS Controls是用于编辑和控制网页中各种元素。Load XML Configuration moudle是其中的一个XML上传配置模块。 Kentico 9.0版本至11.0版本中的Load XML Configuration模块存在基于栈的缓冲区溢出漏洞。本地攻击者可借助SilentInstall XML文
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2018-5282

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2018-5282

登录查看更多情报信息。

Same Patch Batch · n/a · 2018-01-08 · 58 CVEs total

CVE-2018-5296PoDoFo 安全漏洞
CVE-2018-5277Malwarebytes Premium 安全漏洞
CVE-2017-15913Whale 安全漏洞
CVE-2018-5279Malwarebytes Premium 安全漏洞
CVE-2018-5278Malwarebytes Premium 安全漏洞
CVE-2018-5071Cobham Sea Tel Web服务器跨站脚本漏洞
CVE-2018-5269OpenCV 安全漏洞
CVE-2018-5268OpenCV 缓冲区错误漏洞
CVE-2018-3815Stalker CommuniGate Pro 安全漏洞
CVE-2017-5971NewsBee CMS SQL注入漏洞
CVE-2018-5270Malwarebytes Premium 安全漏洞
CVE-2018-5295PoDoFo 数字错误漏洞
CVE-2018-5294libming 数字错误漏洞
CVE-2018-5293WordPress GD Rating System插件跨站脚本漏洞
CVE-2018-5292WordPress GD Rating System插件跨站脚本漏洞
CVE-2018-5291WordPress GD Rating System插件路径遍历漏洞
CVE-2018-5290WordPress GD Rating System插件路径遍历漏洞
CVE-2018-5289WordPress GD Rating System插件路径遍历漏洞
CVE-2018-5288WordPress GD Rating System插件跨站脚本漏洞
CVE-2018-5287WordPress GD Rating System 路径遍历漏洞

Showing top 20 of 58 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2018-5282

No comments yet

Leave a comment