Skip to main content
CVE-2018-6458 HIGH POC THREAT This Week

Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Easy Hosting Control Panel
NVD
CVSS 3.0
8.8
EPSS
10.5%
CVE-2018-6023 HIGH POC This Week

Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Fastgate Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-6619 HIGH POC This Week

Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Easy Hosting Control Panel
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6618 HIGH POC This Week

Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Easy Hosting Control Panel
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-6617 HIGH POC This Week

Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Easy Hosting Control Panel
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6362 MEDIUM POC This Month

Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easy Hosting Control Panel
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-6361 MEDIUM POC THREAT This Month

Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easy Hosting Control Panel
NVD
CVSS 3.0
6.1
EPSS
39.6%
CVE-2018-10992 CRITICAL Act Now

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Lilypond
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-1260 CRITICAL PATCH Act Now

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Code Injection RCE Spring Security Oauth
NVD
CVSS 3.0
9.8
EPSS
8.4%
CVE-2018-10832 MEDIUM POC This Month

ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Modbuspal
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
6.0%
CVE-2018-5303 MEDIUM POC This Month

An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS R420 Rfid Reader Firmware
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-10580 MEDIUM POC This Month

The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Latest Posts On Profile
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-7248 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Servicedesk Plus
NVD
CVSS 3.1
5.3
EPSS
6.4%
CVE-2018-1258 HIGH PATCH This Week

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Spring Security Spring Framework Agile Plm +39
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2018-1259 HIGH PATCH This Week

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Spring Data Commons Spring Data Rest Xmlbeam
NVD VulDB
CVSS 3.0
7.5
EPSS
5.0%
CVE-2018-5304 MEDIUM POC This Month

An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect R420 Rfid Reader Firmware
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2018-1280 HIGH This Week

Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Greenplum Command Center
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-1278 MEDIUM This Month

Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pivotal Application Service
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-1257 MEDIUM PATCH This Month

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Java Denial Of Service Spring Framework Openshift Agile Product Lifecycle Management +27
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2018-1261 MEDIUM PATCH This Month

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar,. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Java Path Traversal Spring Integration Zip
NVD
CVSS 3.1
4.7
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy