Skip to main content
CVE-2018-9245 CRITICAL POC Act Now

The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ericsson Ipecs Nms
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-10285 CRITICAL POC THREAT Act Now

The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ericsson Ipecs Nms
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
13.2%
CVE-2018-10295 HIGH POC This Week

ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Chemcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-10286 HIGH POC This Week

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ericsson Information Disclosure PostgreSQL Ipecs Nms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
6.6%
CVE-2018-10267 HIGH POC This Week

WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wtcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-10289 MEDIUM POC This Month

In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2018-10298 MEDIUM POC This Month

Discuz!. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Discuzx
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-10297 MEDIUM POC This Month

Discuz!. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Discuzx
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-10268 MEDIUM POC This Month

An issue was discovered in FastAdmin V1.0.0.20180417_beta. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Fastadmin
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-10266 HIGH This Week

BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Beescms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-10265 HIGH This Week

An issue was discovered in HongCMS v3.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Hongcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-10296 MEDIUM This Month

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Minicms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy