Skip to main content
CVE-2018-7304 HIGH POC This Week

Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Tiki
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-5716 HIGH POC This Week

An issue was discovered in Reprise License Manager 11.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Reprise License Manager
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2018-7271 HIGH POC This Week

An issue was discovered in MetInfo 6.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Metinfo
NVD GitHub
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-7276 HIGH POC This Week

An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Quantum Bacnet Integration Firmware
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-7311 HIGH This Week

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Privatevpn
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2018-7281 HIGH This Week

CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Cactusvpn
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-7308 HIGH This Week

A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Hosting
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-1168 HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Abb Sys600 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1166 HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Use After Free Smartos
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1165 HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. Rated high severity (CVSS 7.0). No vendor patch available.

Heap Overflow Buffer Overflow Smartos Solaris Zfs Storage Appliance
NVD
CVSS 3.1
7.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy