Skip to main content
CVE-2018-5726 CRITICAL POC THREAT Act Now

MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Master Ip Camera01 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.8%
CVE-2018-5724 CRITICAL POC THREAT Act Now

MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Master Ip Camera01 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
11.5%
CVE-2018-5723 CRITICAL POC Act Now

MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Master Ip Camera01 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
9.7%
CVE-2018-5704 CRITICAL POC Act Now

Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Debian Linux Open On Chip Debugger
NVD
CVSS 3.0
9.6
EPSS
4.6%
CVE-2018-5714 HIGH POC This Week

In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Malware
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5713 HIGH POC This Week

In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Malware
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-5725 HIGH POC This Week

MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Master Ip Camera01 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
4.6%
CVE-2018-5330 HIGH POC This Week

ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zyxel P 660Hw V3 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-5727 MEDIUM POC This Month

In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Openjpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-5715 MEDIUM POC This Month

phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Sugarcrm
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
6.9%
CVE-2018-5370 MEDIUM POC This Month

BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xnami
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.2%
CVE-2018-1000004 MEDIUM POC This Month

In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.9
EPSS
3.5%
CVE-2018-5299 CRITICAL PATCH Act Now

A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Ivanti RCE Buffer Overflow Pulse Connect Secure +1
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-5703 CRITICAL Act Now

The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service Buffer Overflow Linux Kernel
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2018-5728 MEDIUM POC This Month

Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seatel 121 Firmware
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-5706 HIGH This Week

An issue was discovered in Octopus Deploy before 4.1.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Octopus Deploy
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-5709 HIGH This Week

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Kerberos
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-5710 MEDIUM This Month

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Kerberos
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-5712 MEDIUM PATCH This Month

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Debian Linux Ubuntu Linux
NVD
CVSS 3.0
6.1
EPSS
79.9%
CVE-2014-9485 MEDIUM This Month

Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Minizip Ng
NVD VulDB
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-5711 MEDIUM PATCH This Month

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service PHP Debian Linux Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
13.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy