Skip to main content
CVE-2018-0101 CRITICAL POC THREAT Act Now

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD Exploit-DB
CVSS 3.0
10.0
EPSS
87.1%
CVE-2018-6387 CRITICAL POC Act Now

iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ib Wra150N Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-6367 CRITICAL POC Act Now

SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP I Tech Buddy Zone Facebook Clone
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-6365 CRITICAL POC Act Now

SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tsitebuilder
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-6364 CRITICAL POC Act Now

SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Multilanguage Real Estate Mlm Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-6363 CRITICAL POC Act Now

SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Taskrabbit Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.0%
CVE-2018-3835 HIGH POC This Week

An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Ptex
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2018-6391 HIGH POC This Week

A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wf2419 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-6388 HIGH POC This Week

iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ib Wra150N Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
5.9%
CVE-2018-6383 HIGH POC THREAT This Week

Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Monstra
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
13.5%
CVE-2018-6007 HIGH POC This Week

CSRF exists in the JS Support Ticket 1.1.0 component for Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Js Support Ticket
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.3%
CVE-2018-5720 HIGH POC This Week

An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dc38 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-6008 HIGH POC THREAT This Week

Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jtag Members Directory
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
36.8%
CVE-2018-6393 HIGH POC This Week

FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Freepbx
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-6390 MEDIUM POC This Month

The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Buffer Overflow Wps Office
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2018-6381 MEDIUM POC This Month

In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zziplib Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-1364 HIGH This Week

IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Content Navigator
NVD
CVSS 3.0
8.2
EPSS
2.4%
CVE-2017-12626 HIGH PATCH This Week

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Apache Poi
NVD VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2018-6392 MEDIUM PATCH This Month

The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Ffmpeg Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy