Skip to main content
CVE-2018-5997 CRITICAL POC THREAT Act Now

An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Path Traversal Filehub Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
23.5%
CVE-2018-5973 CRITICAL POC THREAT Act Now

SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Professional Local Directory Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
20.1%
CVE-2018-6308 CRITICAL POC Act Now

Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sugarcrm
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-6315 HIGH POC This Week

The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libming Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-6209 HIGH POC This Week

In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxCryptMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Virus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6208 HIGH POC This Week

In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Virus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6207 HIGH POC This Week

In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Virus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6206 HIGH POC This Week

In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Virus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6205 HIGH POC This Week

In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Virus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6204 HIGH POC This Week

In Max Secure Anti Virus 19.0.3.019,, the driver file (SDActMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Virus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6203 HIGH POC This Week

In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Virus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6202 HIGH POC This Week

In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Virus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6201 HIGH POC This Week

In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Virus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5954 HIGH POC This Week

phpFreeChat 1.7 and earlier allows remote attackers to cause a denial of service by sending a large number of connect commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Phpfreechat
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.9%
CVE-2018-6197 HIGH POC PATCH This Week

w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service W3M Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
4.4%
CVE-2018-6196 HIGH POC PATCH This Week

w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service W3M Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-6200 MEDIUM POC This Month

vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Vbulletin
NVD
CVSS 3.0
6.1
EPSS
3.5%
CVE-2018-5447 CRITICAL Act Now

An Improper Input Validation issue was discovered in Nari PCS-9611 relay. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pcs 9611 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-6217 MEDIUM POC This Month

The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 allows remote attackers to cause a denial of service (application crash) via a crafted (a) web. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Kingsoft Wps Office
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-5967 MEDIUM POC This Month

Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wf2419 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-6313 MEDIUM POC This Month

Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wbce Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-5965 MEDIUM POC This Month

CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.0
4.8
EPSS
1.2%
CVE-2018-5964 MEDIUM POC This Month

CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.0
4.8
EPSS
1.0%
CVE-2018-5963 MEDIUM POC This Month

CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.0
4.8
EPSS
1.2%
CVE-2018-4836 HIGH PATCH This Week

A vulnerability has been identified in TeleControl Server Basic < V3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Telecontrol Server Basic
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-1051 HIGH PATCH This Week

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Resteasy
NVD
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-5748 HIGH PATCH This Week

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Libvirt Debian Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2018-4837 HIGH PATCH This Week

A vulnerability has been identified in TeleControl Server Basic < V3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Telecontrol Server Basic
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-4835 MEDIUM PATCH This Month

A vulnerability has been identified in TeleControl Server Basic < V3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Telecontrol Server Basic
NVD
CVSS 3.0
5.3
EPSS
2.2%
CVE-2018-5445 MEDIUM This Month

A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Webaccess Scada
NVD
CVSS 3.0
5.3
EPSS
1.8%
CVE-2018-5443 MEDIUM This Month

A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webaccess Scada
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-6198 MEDIUM PATCH This Month

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. Rated medium severity (CVSS 4.7).

Information Disclosure W3M Ubuntu Linux
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy