Skip to main content
CVE-2018-1213 HIGH POC This Week

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dell Emc Isilon Onefs
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-7658 HIGH POC THREAT This Week

NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 allows remote attackers to cause a denial of service (daemon crash) by sending exactly 11 bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Network Time System
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
39.8%
CVE-2018-1204 MEDIUM POC This Month

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Dell RCE Path Traversal Emc Isilon Onefs
NVD Exploit-DB
CVSS 3.0
6.7
EPSS
2.4%
CVE-2018-1203 MEDIUM POC This Month

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Dell RCE Emc Isilon Onefs
NVD Exploit-DB
CVSS 3.0
6.7
EPSS
2.2%
CVE-2018-7543 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Duplicator
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
3.5%
CVE-2018-8937 MEDIUM POC This Month

An issue was discovered in Open-AudIT Professional 2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Open Audit
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-1312 CRITICAL Act Now

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Http Server Ubuntu Linux Debian Linux +10
NVD
CVSS 3.1
9.8
EPSS
15.9%
CVE-2018-5474 CRITICAL Act Now

Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intellispace Portal
NVD
CVSS 3.0
9.8
EPSS
6.2%
CVE-2018-5472 CRITICAL Act Now

Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Microsoft RCE Intellispace Portal
NVD
CVSS 3.0
9.8
EPSS
4.7%
CVE-2018-5468 CRITICAL Act Now

Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation RCE Intellispace Portal
NVD
CVSS 3.0
9.8
EPSS
4.7%
CVE-2018-9020 MEDIUM POC This Month

The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Events Manager
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2018-1202 MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.2%
CVE-2018-1201 MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
1.9%
CVE-2018-1189 MEDIUM POC THREAT This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
28.7%
CVE-2018-1188 MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
1.9%
CVE-2018-1187 MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
1.9%
CVE-2018-1186 MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
1.9%
CVE-2018-8802 HIGH This Week

SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi Clearpath Eportal Manager Eportal 2200
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2018-5454 HIGH This Week

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Intellispace Portal
NVD
CVSS 3.0
8.1
EPSS
3.5%
CVE-2018-5470 HIGH This Week

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Intellispace Portal
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-7673 HIGH This Week

The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity Manager
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2018-1303 HIGH This Week

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Apache Buffer Overflow Http Server +6
NVD
CVSS 3.0
7.5
EPSS
70.8%
CVE-2018-5466 HIGH This Week

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intellispace Portal
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-5464 HIGH This Week

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intellispace Portal
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-5462 HIGH This Week

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intellispace Portal
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-5458 HIGH This Week

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intellispace Portal
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-1348 HIGH This Week

NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Identity Manager
NVD
CVSS 3.0
7.4
EPSS
1.1%
CVE-2018-1302 MEDIUM This Month

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service Apache Http Server Ubuntu Linux +4
NVD
CVSS 3.0
5.9
EPSS
13.4%
CVE-2018-1301 MEDIUM This Month

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Buffer Overflow Http Server Debian Linux Ubuntu Linux +5
NVD
CVSS 3.0
5.9
EPSS
15.6%
CVE-2018-1350 MEDIUM This Month

The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity Manager
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-1349 MEDIUM This Month

The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity Manager
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-1283 MEDIUM This Month

In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache Information Disclosure Http Server Debian Linux Ubuntu Linux +5
NVD
CVSS 3.0
5.3
EPSS
10.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy