Skip to main content
CVE-2018-6200 MEDIUM POC This Month

vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Vbulletin
NVD
CVSS 3.0
6.1
EPSS
3.5%
CVE-2018-6217 MEDIUM POC This Month

The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 allows remote attackers to cause a denial of service (application crash) via a crafted (a) web. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Kingsoft Wps Office
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-5967 MEDIUM POC This Month

Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wf2419 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-6313 MEDIUM POC This Month

Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wbce Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-5965 MEDIUM POC This Month

CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.0
4.8
EPSS
1.2%
CVE-2018-5964 MEDIUM POC This Month

CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.0
4.8
EPSS
1.0%
CVE-2018-5963 MEDIUM POC This Month

CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.0
4.8
EPSS
1.2%
CVE-2018-4835 MEDIUM PATCH This Month

A vulnerability has been identified in TeleControl Server Basic < V3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Telecontrol Server Basic
NVD
CVSS 3.0
5.3
EPSS
2.2%
CVE-2018-5445 MEDIUM This Month

A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Webaccess Scada
NVD
CVSS 3.0
5.3
EPSS
1.8%
CVE-2018-5443 MEDIUM This Month

A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webaccess Scada
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-6198 MEDIUM PATCH This Month

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. Rated medium severity (CVSS 4.7).

Information Disclosure W3M Ubuntu Linux
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy