Skip to main content
CVE-2018-6530 CRITICAL POC KEV THREAT Act Now

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 860L Firmware Dir 865L Firmware Dir 868l Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
96.7%
CVE-2018-7732 CRITICAL POC Act Now

An issue was discovered in YxtCMF 3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Yxtcmf
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-7733 HIGH POC This Week

An issue was discovered in YxtCMF 3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Yxtcmf
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-7182 HIGH POC PATCH THREAT This Week

The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Ntp Ubuntu Linux +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
29.3%
CVE-2018-7735 HIGH POC This Week

Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=list_filetypes. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filerun
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2018-7734 HIGH POC This Week

Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filerun
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2018-7727 MEDIUM POC This Month

An issue was discovered in ZZIPlib 0.13.68. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zziplib Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-7726 MEDIUM POC This Month

An issue was discovered in ZZIPlib 0.13.68. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Zziplib Ubuntu Linux Enterprise Linux Desktop +2
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-7725 MEDIUM POC This Month

An issue was discovered in ZZIPlib 0.13.68. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Zziplib Ubuntu Linux Enterprise Linux Desktop +2
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-7736 MEDIUM POC This Month

In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Z Blogphp
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
3.3%
CVE-2018-6529 MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 860L Firmware Dir 865L Firmware +1
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2018-6528 MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 860L Firmware Dir 865L Firmware +1
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2018-6527 MEDIUM POC This Month

XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 860L Firmware Dir 865L Firmware +1
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2018-5469 CRITICAL Act Now

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hirschmann Rs20 0900Mmm2Tdau Hirschmann Rs20 0900Nnm4Tdau Hirschmann Rs20 0900Vvm2Tdau Hirschmann Rs20 1600L2L2Sdau +130
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-6809 CRITICAL Act Now

NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-1343 CRITICAL Act Now

PAM exposure enabling unauthenticated access to remote host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privileged Account Manager
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-1000101 CRITICAL PATCH Act Now

Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mingw W64
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-7731 MEDIUM POC PATCH This Month

An issue was discovered in Exempi through 2.4.4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Exempi Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-7730 MEDIUM POC PATCH This Month

An issue was discovered in Exempi through 2.4.4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Exempi Debian Linux Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-7729 MEDIUM POC PATCH This Month

An issue was discovered in Exempi through 2.4.4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Exempi Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-7728 MEDIUM POC PATCH This Month

An issue was discovered in Exempi through 2.4.4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Exempi Ubuntu Linux Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-7724 MEDIUM POC This Month

{photo_number} request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Piwigo
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2018-7723 MEDIUM POC This Month

The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Piwigo
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-7722 MEDIUM POC This Month

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Piwigo
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-7737 MEDIUM POC This Month

In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Z Blogphp
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
8.6%
CVE-2018-5465 HIGH This Week

A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Hirschmann Rs20 0900Mmm2Tdau Hirschmann Rs20 0900Nnm4Tdau Hirschmann Rs20 0900Vvm2Tdau +131
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-7650 MEDIUM POC This Month

PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hot Scripts Clone
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-7307 HIGH PATCH This Week

The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Auth0 Js
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-1000100 HIGH This Week

GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Gpac Ubuntu Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-7185 HIGH This Week

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp Router Manager Skynas Virtual Diskstation Manager +12
NVD
CVSS 3.1
7.5
EPSS
9.1%
CVE-2018-7184 HIGH This Week

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp Router Manager Skynas Virtual Diskstation Manager +6
NVD
CVSS 3.0
7.5
EPSS
8.7%
CVE-2018-6810 HIGH This Week

Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Netscaler Gateway Firmware Netscaler Application Delivery Controller Firmware
NVD
CVSS 3.0
7.5
EPSS
4.4%
CVE-2018-6808 HIGH This Week

NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-5467 MEDIUM This Month

An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hirschmann Rs20 0900Mmm2Tdau Hirschmann Rs20 0900Nnm4Tdau Hirschmann Rs20 0900Vvm2Tdau Hirschmann Rs20 1600L2L2Sdau +130
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-5461 MEDIUM This Month

An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Hirschmann Rs20 0900Mmm2Tdau Hirschmann Rs20 0900Nnm4Tdau Hirschmann Rs20 0900Vvm2Tdau Hirschmann Rs20 1600L2L2Sdau +130
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-6811 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix XSS Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-5471 MEDIUM This Month

A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Hirschmann Rs20 0900Mmm2Tdau Hirschmann Rs20 0900Nnm4Tdau Hirschmann Rs20 0900Vvm2Tdau Hirschmann Rs20 1600L2L2Sdau +130
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2018-6019 MEDIUM This Month

Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Samsung Display Solutions
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2018-7170 MEDIUM This Month

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ntp Router Manager Skynas Virtual Diskstation Manager +5
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2018-1062 MEDIUM This Month

A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ovirt Engine
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2018-5729 MEDIUM PATCH This Month

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity.

Null Pointer Dereference Denial Of Service Kerberos 5 Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
4.7
EPSS
2.6%
CVE-2018-5730 LOW PATCH Monitor

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity.

LDAP Information Disclosure Code Injection Kerberos 5 Fedora +4
NVD GitHub
CVSS 3.1
3.8
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy