Skip to main content
CVE-2018-7487 HIGH POC This Week

There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Sam2P Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-7490 HIGH POC PATCH THREAT This Week

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Uwsgi Debian Linux
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
69.9%
CVE-2018-7448 HIGH POC THREAT This Week

Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Cms Made Simple
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
13.0%
CVE-2018-7486 HIGH POC This Week

Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Path Traversal Muracms
NVD
CVSS 3.0
7.2
EPSS
2.5%
CVE-2018-7249 HIGH POC This Week

An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Microsoft RCE Windows 7 Windows 8 +3
NVD GitHub
CVSS 3.0
7.0
EPSS
1.5%
CVE-2018-7489 CRITICAL PATCH Act Now

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Deserialization Jackson Databind Debian Linux Communications Billing And Revenue Management +2
NVD GitHub
CVSS 3.0
9.8
EPSS
20.1%
CVE-2018-7485 CRITICAL PATCH Act Now

The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Unixodbc
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-7463 CRITICAL Act Now

SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Asanhamayesh Cms
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-7492 MEDIUM POC PATCH This Month

A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux +1
NVD GitHub
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-7479 MEDIUM POC This Month

YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Yzmcms
NVD GitHub
CVSS 3.1
5.3
EPSS
2.0%
CVE-2018-1377 HIGH This Week

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-7484 HIGH This Week

An issue was discovered in PureVPN through 5.19.4.0 on Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Purevpn
NVD
CVSS 3.0
7.8
EPSS
2.3%
CVE-2018-7491 HIGH This Week

In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Prestashop
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-0908 MEDIUM PATCH This Month

Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Identity Manager
NVD
CVSS 3.0
6.1
EPSS
2.5%
CVE-2018-5762 MEDIUM This Month

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Information Disclosure Clearpath Mcp
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2018-7250 MEDIUM This Month

An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 7 Windows 8 Windows 8 1 +2
NVD GitHub
CVSS 3.0
5.5
EPSS
3.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy