Skip to main content
CVE-2018-5267 CRITICAL POC Act Now

Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sea Tel 121 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-5285 HIGH POC This Week

The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Imageinject
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-5282 HIGH POC This Week

Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Microsoft Buffer Overflow Xperience
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-5279 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-5277 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5276 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5275 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5274 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5273 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5272 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5271 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-5270 HIGH POC This Week

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-5283 HIGH POC This Week

The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Apple Photos In Wifi
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-5291 HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Gd Rating System
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-5290 HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Gd Rating System
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-5289 HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Gd Rating System
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-5287 HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Gd Rating System
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-5266 HIGH POC This Week

Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sea Tel 121 Firmware
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-5293 MEDIUM POC This Month

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Gd Rating System
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-5292 MEDIUM POC This Month

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Gd Rating System
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-5288 MEDIUM POC This Month

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Gd Rating System
NVD GitHub
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-5286 MEDIUM POC This Month

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Gd Rating System
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-3815 MEDIUM POC This Month

The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Communigate Pro
NVD
CVSS 3.0
5.7
EPSS
0.9%
CVE-2018-5296 MEDIUM POC This Month

In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-5295 MEDIUM POC This Month

In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Podofo
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-5269 MEDIUM POC PATCH This Month

In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opencv Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.4%
CVE-2018-5268 MEDIUM POC PATCH This Month

In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Opencv Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2018-5263 MEDIUM POC This Month

The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla!. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easydiscuss
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-5281 MEDIUM POC This Month

SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sonicwall XSS Sonicos
NVD
CVSS 3.1
5.4
EPSS
2.5%
CVE-2018-5280 MEDIUM POC This Month

SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sonicwall XSS Sonicos
NVD
CVSS 3.1
5.4
EPSS
2.5%
CVE-2018-5071 MEDIUM POC This Month

Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sea Tel 116 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-5259 HIGH This Week

Discuz!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Discuzx
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-5284 MEDIUM POC This Month

The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Imageinject
NVD GitHub
CVSS 3.0
4.8
EPSS
0.8%
CVE-2018-5298 HIGH This Week

In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Oral B App
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2018-5278 LOW POC Monitor

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Malwarebytes
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2018-5301 MEDIUM PATCH This Month

Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Adobe Magento
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-5294 MEDIUM This Month

In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Libming Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy