Skip to main content
CVE-2018-8734 CRITICAL POC THREAT Emergency

SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Nagios Xi
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
53.2%
CVE-2018-8733 CRITICAL POC THREAT Emergency

Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass Nagios Xi
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
27.5%
CVE-2018-5341 CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
8.2%
CVE-2018-5339 CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
7.6%
CVE-2018-5338 CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
9.0%
CVE-2018-5337 CRITICAL POC Act Now

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Path Traversal Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
9.5%
CVE-2018-8840 CRITICAL Act Now

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Web Studio Intouch Machine Edition 2017
NVD
CVSS 3.0
9.8
EPSS
8.4%
CVE-2018-7761 CRITICAL Act Now

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric RCE Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-7760 CRITICAL Act Now

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-7246 CRITICAL Act Now

A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure 66074 Mge Network Management Card Transverse
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2018-7243 CRITICAL Act Now

An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass 66074 Mge Network Management Card Transverse
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-7242 CRITICAL Act Now

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-7241 CRITICAL Act Now

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-10199 CRITICAL PATCH Act Now

In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Mruby
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-8092 CRITICAL PATCH Act Now

Mautic before 2.13.0 allows CSV injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Mautic
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-7245 CRITICAL Act Now

An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass 66074 Mge Network Management Card Transverse
NVD
CVSS 3.0
9.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy