Skip to main content
CVE-2018-7487 HIGH POC This Week

There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Sam2P Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-7490 HIGH POC PATCH THREAT This Week

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Uwsgi Debian Linux
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
69.9%
CVE-2018-7448 HIGH POC THREAT This Week

Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Cms Made Simple
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
13.0%
CVE-2018-7486 HIGH POC This Week

Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Path Traversal Muracms
NVD
CVSS 3.0
7.2
EPSS
2.5%
CVE-2018-7249 HIGH POC This Week

An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Microsoft RCE Windows 7 Windows 8 +3
NVD GitHub
CVSS 3.0
7.0
EPSS
1.5%
CVE-2018-1377 HIGH This Week

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-7484 HIGH This Week

An issue was discovered in PureVPN through 5.19.4.0 on Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Purevpn
NVD
CVSS 3.0
7.8
EPSS
2.3%
CVE-2018-7491 HIGH This Week

In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Prestashop
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy