Skip to main content
CVE-2018-9059 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Easy File Sharing Web Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
77.3%
CVE-2018-10173 HIGH POC This Week

Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Management Console
NVD
CVSS 3.0
8.8
EPSS
5.4%
CVE-2018-10249 HIGH POC This Week

baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Baijiacms
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-10079 HIGH POC This Week

Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Watchdog Console
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2018-10201 HIGH POC THREAT This Week

An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Vspace Pro
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
45.6%
CVE-2018-10176 MEDIUM POC This Month

Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Management Console
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-10248 MEDIUM POC This Month

An issue was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wuzhicms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-8826 CRITICAL Act Now

ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rt Ac51U Firmware Rt Ac58U Firmware Rt Ac66U Firmware Rt Ac1750 Firmware +9
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-1290 CRITICAL Act Now

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Apache Fineract
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-10238 CRITICAL PATCH Act Now

bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Bacnet Protocol Stack
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-10250 MEDIUM POC This Month

iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Icms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-10245 MEDIUM POC This Month

A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Awstats
NVD GitHub
CVSS 3.0
5.3
EPSS
1.9%
CVE-2018-10077 MEDIUM POC This Month

XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Watchdog Console
NVD Exploit-DB
CVSS 3.1
4.9
EPSS
8.3%
CVE-2018-7747 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Caldera Forms
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
4.6%
CVE-2018-10078 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Watchdog Console
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
2.1%
CVE-2018-1289 HIGH This Week

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Fineract
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-6960 HIGH This Week

VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass VMware Horizon Daas
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-1292 HIGH This Week

Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Fineract
NVD
CVSS 3.0
8.1
EPSS
2.2%
CVE-2018-1291 HIGH This Week

Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Fineract
NVD
CVSS 3.0
8.1
EPSS
2.1%
CVE-2018-0564 HIGH This Week

Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Ec Cube
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2018-10175 MEDIUM This Month

Digital Guardian Management Console 7.1.2.0015 has an XXE issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Management Console
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-10174 MEDIUM This Month

Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Management Console
NVD
CVSS 3.0
6.5
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy