Skip to main content
CVE-2018-5696 CRITICAL POC Act Now

The iJoomla com_adagency plugin 6.0.9 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ad Agency
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-5700 HIGH POC This Week

Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal PHP Winmail Server
NVD GitHub
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-5694 HIGH POC This Week

The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Flash Operator Panel
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-5684 HIGH POC This Week

In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Libav
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-5360 HIGH POC PATCH This Week

LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Libtiff Graphicsmagick
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-5698 HIGH POC This Week

libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Readstat
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-5697 HIGH POC This Week

Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Icyphoenix
NVD
CVSS 3.0
7.2
EPSS
1.0%
CVE-2018-5695 HIGH POC This Week

The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress PHP Wpjobboard
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2018-5685 MEDIUM POC PATCH This Month

In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-5688 MEDIUM POC PATCH This Month

ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Ilias
NVD Exploit-DB GitHub
CVSS 3.0
6.1
EPSS
3.3%
CVE-2018-5692 MEDIUM POC This Month

Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Piwigo
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-5686 MEDIUM POC This Month

In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2018-5691 MEDIUM POC This Month

SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sonicwall XSS Analyzer Global Management System
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-5687 MEDIUM POC This Month

NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Newsbee
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-5693 LOW POC Monitor

The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Magicspam
NVD
CVSS 3.0
3.3
EPSS
0.4%
CVE-2018-5690 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Dotclear
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-5689 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Dotclear
NVD
CVSS 3.0
5.4
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy