Skip to main content
CVE-2018-10176 MEDIUM POC This Month

Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Management Console
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-10248 MEDIUM POC This Month

An issue was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wuzhicms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-10250 MEDIUM POC This Month

iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Icms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-10245 MEDIUM POC This Month

A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Awstats
NVD GitHub
CVSS 3.0
5.3
EPSS
1.9%
CVE-2018-10077 MEDIUM POC This Month

XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Watchdog Console
NVD Exploit-DB
CVSS 3.1
4.9
EPSS
8.3%
CVE-2018-7747 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Caldera Forms
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
4.6%
CVE-2018-10078 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Watchdog Console
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
2.1%
CVE-2018-10175 MEDIUM This Month

Digital Guardian Management Console 7.1.2.0015 has an XXE issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Management Console
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-10174 MEDIUM This Month

Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Management Console
NVD
CVSS 3.0
6.5
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy