Skip to main content
CVE-2018-8766 CRITICAL POC Act Now

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Joyplus Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-8769 HIGH POC This Week

elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Elfutils
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-8765 HIGH POC This Week

In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 2345 Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8756 HIGH POC This Week

Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Yzmcms
NVD GitHub
CVSS 3.0
7.2
EPSS
3.4%
CVE-2018-8770 MEDIUM POC THREAT This Month

Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Razor
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
60.6%
CVE-2018-8767 MEDIUM POC This Month

{pre}vod_type via the t_name parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-8768 HIGH PATCH This Week

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Notebook
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-8754 MEDIUM PATCH This Month

The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Libevt Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy