Skip to main content
CVE-2018-7583 HIGH POC THREAT This Week

Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dualdesk
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
39.5%
CVE-2018-7449 HIGH POC This Week

SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Embos Ip Ftp Server
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
7.6%
CVE-2018-7567 HIGH POC This Week

In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Otrs
NVD
CVSS 3.0
7.2
EPSS
5.3%
CVE-2018-7653 MEDIUM POC This Month

In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yzmcms
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
8.7%
CVE-2018-7662 MEDIUM POC THREAT This Month

Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Couch
NVD GitHub
CVSS 3.0
5.3
EPSS
43.0%
CVE-2018-7661 MEDIUM POC This Month

Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Wifi Baby Monitor
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-7560 HIGH PATCH This Week

index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Aws Lambda Multipart Parser
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-7654 MEDIUM This Month

On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal 3Cx
NVD
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-7652 MEDIUM PATCH This Month

lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zonemaster Web Gui
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2018-7651 MEDIUM PATCH This Month

index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Node.js Ssri
NVD GitHub
CVSS 3.0
5.9
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy