Skip to main content
CVE-2018-6229 CRITICAL POC PATCH THREAT Act Now

A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Trend Micro RCE Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.8%
CVE-2018-6228 CRITICAL POC PATCH THREAT Act Now

A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Trend Micro RCE Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.8%
CVE-2018-6223 CRITICAL POC PATCH THREAT Act Now

A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Trend Micro Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.6%
CVE-2018-6220 CRITICAL POC PATCH THREAT Act Now

An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro RCE Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.4%
CVE-2018-7756 CRITICAL POC THREAT Act Now

RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Dewesoft
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
62.5%
CVE-2018-7702 CRITICAL POC THREAT Act Now

SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Securmail
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
14.7%
CVE-2018-6224 HIGH POC PATCH This Week

A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Trend Micro Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-8717 HIGH POC This Week

{pre}manager request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Joyplus Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-6221 HIGH POC PATCH This Week

An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Trend Micro Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
6.4%
CVE-2018-8715 HIGH POC PATCH THREAT This Week

The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Appweb
NVD GitHub
CVSS 3.0
8.1
EPSS
19.9%
CVE-2018-7705 HIGH POC This Week

Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Securmail
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
6.3%
CVE-2018-6222 HIGH POC PATCH This Week

Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Trend Micro Command Injection Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-7886 HIGH POC This Week

An issue was discovered in CloudMe 1.11.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Sync
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-6230 MEDIUM POC PATCH This Month

A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available.

SQLi Trend Micro RCE Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
6.8
EPSS
3.5%
CVE-2018-6219 MEDIUM POC This Month

An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.1%
CVE-2018-7706 MEDIUM POC This Month

Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Securmail
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
7.1%
CVE-2018-7704 MEDIUM POC This Month

SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Securmail
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.9%
CVE-2018-7701 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Securmail
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
3.1%
CVE-2018-8729 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Activity Log
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
5.6%
CVE-2018-8721 MEDIUM POC This Month

Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Eventlog Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-7707 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Securmail
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.7%
CVE-2018-7703 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Securmail
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
4.2%
CVE-2018-7033 CRITICAL PATCH Act Now

SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Slurm Debian Linux
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-6231 CRITICAL Act Now

A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Command Injection Smart Protection Server
NVD
CVSS 3.0
9.8
EPSS
7.2%
CVE-2018-6227 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro XSS Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.7%
CVE-2018-6226 MEDIUM POC PATCH This Month

Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro XSS Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.7%
CVE-2018-8045 HIGH This Week

In Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Joomla
NVD
CVSS 3.0
8.8
EPSS
29.2%
CVE-2018-6225 MEDIUM POC PATCH This Month

An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro XXE Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
4.1%
CVE-2018-5476 HIGH This Week

A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Delta Industrial Automation Dopsoft
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2018-8076 HIGH This Week

ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability within the com.zenmate.chron-xpc LaunchDaemon component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Zenmate
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-1319 MEDIUM This Month

In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Allura
NVD
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-8728 MEDIUM PATCH This Month

server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in "kontena master login --remote" code display, as demonstrated by /code#code= in a URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kontena
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-8722 MEDIUM This Month

Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Desktop Central
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-8720 MEDIUM This Month

ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My Portal (aka search_results.do). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS It Service Management
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-6957 MEDIUM This Month

VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Workstation Pro Workstation Player Fusion
NVD
CVSS 3.0
5.3
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy