Skip to main content
CVE-2018-7196 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Osticket
NVD VulDB
CVSS 3.0
6.1
EPSS
2.5%
CVE-2018-7193 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Osticket
NVD VulDB
CVSS 3.0
6.1
EPSS
2.5%
CVE-2018-7192 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Osticket
NVD VulDB
CVSS 3.0
6.1
EPSS
2.1%
CVE-2018-9039 MEDIUM POC This Month

In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Octopus Deploy
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-8763 MEDIUM POC This Month

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Debian Linux Ldap Account Manager
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-6882 MEDIUM POC KEV THREAT This Month

Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zimbra Collaboration Suite
NVD
CVSS 3.1
6.1
EPSS
23.7%
CVE-2018-9056 MEDIUM POC This Month

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch. Rated medium severity (CVSS 5.6). Public exploit code available and no vendor patch available.

Information Disclosure Atom C Atom E Atom X3 Atom Z +205
NVD
CVSS 3.0
5.6
EPSS
0.7%
CVE-2018-9058 MEDIUM POC This Month

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Long Range Zip
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-9055 MEDIUM POC This Month

JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper
NVD GitHub
CVSS 3.0
5.5
EPSS
1.8%
CVE-2018-7194 MEDIUM POC This Month

Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Osticket
NVD VulDB
CVSS 3.0
4.9
EPSS
1.3%
CVE-2018-0739 MEDIUM PATCH This Month

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Ubuntu Linux Debian Linux
NVD
CVSS 3.0
6.5
EPSS
19.3%
CVE-2018-8048 MEDIUM PATCH This Month

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Debian Linux Loofah
NVD GitHub
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-0733 MEDIUM This Month

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

HP OpenSSL Information Disclosure
NVD
CVSS 3.0
5.9
EPSS
8.6%
CVE-2018-1091 MEDIUM PATCH This Month

In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-0202 MEDIUM PATCH This Month

clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Cisco Clamav +2
NVD
CVSS 3.0
5.5
EPSS
2.7%
CVE-2018-0198 MEDIUM This Month

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Communications Manager
NVD
CVSS 3.1
5.3
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy