Skip to main content
CVE-2018-9018 MEDIUM POC This Month

In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-8977 MEDIUM POC This Month

In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Exiv2
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-8976 MEDIUM POC This Month

In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Exiv2 Debian Linux +3
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-9016 MEDIUM POC This Month

dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dsmall
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-8975 MEDIUM POC This Month

The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, as. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Netpbm
NVD GitHub
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-8978 MEDIUM POC This Month

Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-9017 MEDIUM POC This Month

dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dsmall
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-9015 MEDIUM POC This Month

dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dsmall
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy