Skip to main content
CVE-2018-7304 HIGH POC This Week

Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Tiki
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-5716 HIGH POC This Week

An issue was discovered in Reprise License Manager 11.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Reprise License Manager
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2018-7271 HIGH POC This Week

An issue was discovered in MetInfo 6.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Metinfo
NVD GitHub
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-7276 HIGH POC This Week

An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Quantum Bacnet Integration Firmware
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-7278 MEDIUM POC This Month

An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fds Pc Firmware Fds Pc Dp Firmware
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-7277 MEDIUM POC This Month

An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wi Mgr Firmware Fds Wi Firmware
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-1164 CRITICAL Act Now

This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel P 870H 51 Firmware
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2018-7273 MEDIUM POC This Month

In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
1.8%
CVE-2018-6936 MEDIUM POC This Month

Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 600M C1 Firmware
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
2.2%
CVE-2018-7303 MEDIUM POC This Month

The Calendar component in Tiki 17.1 allows HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tikiwiki Cms Groupware
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-7302 MEDIUM POC This Month

Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tiki
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-7260 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-7305 MEDIUM POC This Month

MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mybb
NVD
CVSS 3.0
4.9
EPSS
0.4%
CVE-2018-7311 HIGH This Week

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Privatevpn
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2018-7281 HIGH This Week

CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Cactusvpn
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-7308 HIGH This Week

A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Hosting
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-1168 HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Abb Sys600 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1166 HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Use After Free Smartos
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-7289 LOW POC Monitor

An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Armadito Antivirus
NVD GitHub Exploit-DB
CVSS 3.0
3.3
EPSS
1.8%
CVE-2018-1165 HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. Rated high severity (CVSS 7.0). No vendor patch available.

Heap Overflow Buffer Overflow Smartos Solaris Zfs Storage Appliance
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2018-7272 MEDIUM This Month

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Access Management
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-7280 MEDIUM This Month

The Ninja Forms plugin before 3.2.14 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Ninja Forms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-7274 MEDIUM PATCH This Month

Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Quarx Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2018-7261 MEDIUM This Month

There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Radiant Cms
NVD
CVSS 3.0
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy