Skip to main content
CVE-2018-10016 MEDIUM POC This Month

Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-10051 MEDIUM POC This Month

iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Supportdesk
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-10023 MEDIUM POC This Month

Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Catfish Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-7660 MEDIUM POC This Month

In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Documentum D2
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-7659 MEDIUM POC This Month

In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Documentum D2
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-10052 MEDIUM POC This Month

iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Supportdesk
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-10049 MEDIUM POC This Month

iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eswap
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-10033 MEDIUM POC This Month

CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-10032 MEDIUM POC This Month

CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-10029 MEDIUM POC This Month

CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-10026 MEDIUM POC This Month

The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yzmcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-9992 MEDIUM POC This Month

Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Frog Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-9991 MEDIUM POC This Month

Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Frog Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-0017 MEDIUM This Month

A vulnerability in the Network Address Translation - Protocol Translation (NAT-PT) feature of Junos OS on SRX series devices may allow a certain valid IPv6 packet to crash the flowd daemon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-10017 MEDIUM PATCH This Month

soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Libopenmpt Openmpt
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2018-10001 MEDIUM This Month

The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Ffmpeg Debian Linux
NVD
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-1483 MEDIUM PATCH This Month

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-10000 MEDIUM This Month

The Video Downloader professional extension before 2018-04-05 for Chrome has Universal XSS (UXSS) via vectors related to a link64_msgAddLinks event. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Video Downloader
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-0019 MEDIUM PATCH This Month

A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may allow a remote network based attacker to cause the mib2d process to crash resulting in a denial of service condition (DoS) for the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-0018 MEDIUM PATCH This Month

On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Juniper Junos
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2018-7930 MEDIUM This Month

The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Mate 9 Firmware
NVD
CVSS 3.0
5.7
EPSS
0.4%
CVE-2018-0023 MEDIUM PATCH This Month

JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Python Juniper Jsnapy
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-10021 MEDIUM This Month

drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-10028 MEDIUM This Month

joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joyplus Cms
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy