Skip to main content
CVE-2018-5551 CRITICAL POC Act Now

Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Dtisqlinstaller
NVD
CVSS 3.0
10.0
EPSS
1.7%
CVE-2018-7445 CRITICAL POC KEV THREAT Act Now

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik RCE Buffer Overflow Routeros
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
61.0%
CVE-2018-1218 HIGH POC THREAT This Week

In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Denial Of Service Buffer Overflow Emc Networker
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
14.0%
CVE-2018-7422 HIGH POC THREAT This Week

A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Site Editor
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
63.1%
CVE-2018-5233 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Grav Cms
NVD
CVSS 3.0
6.1
EPSS
3.4%
CVE-2018-8732 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wampserver
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.7%
CVE-2018-1195 HIGH This Week

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Capi Release Cf Deployment Cf Release
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2018-1197 HIGH This Week

In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Google Microsoft Information Disclosure Windows Stemcells
NVD
CVSS 3.0
8.5
EPSS
0.6%
CVE-2018-1221 HIGH This Week

In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cf Deployment Routing Release
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2018-7262 HIGH This Week

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Ceph Fedora
NVD GitHub
CVSS 3.0
7.5
EPSS
3.0%
CVE-2018-8761 HIGH This Week

protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Yxcms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-5552 LOW POC Monitor

Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper". Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Dtisqlinstaller
NVD
CVSS 3.0
3.3
EPSS
0.2%
CVE-2018-6843 HIGH This Week

Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xperience
NVD GitHub
CVSS 3.0
7.2
EPSS
1.2%
CVE-2018-1171 HIGH PATCH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. Rated high severity (CVSS 7.0). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Smartos Solaris
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2018-1196 MEDIUM PATCH This Month

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure Spring Boot
NVD
CVSS 3.0
5.9
EPSS
1.2%
CVE-2018-6842 MEDIUM This Month

Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Xperience
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy