Skip to main content
CVE-2018-6458 HIGH POC THREAT This Week

Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Easy Hosting Control Panel
NVD
CVSS 3.0
8.8
EPSS
10.5%
CVE-2018-6023 HIGH POC This Week

Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Fastgate Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-6619 HIGH POC This Week

Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Easy Hosting Control Panel
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6618 HIGH POC This Week

Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Easy Hosting Control Panel
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-6617 HIGH POC This Week

Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Easy Hosting Control Panel
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1258 HIGH PATCH This Week

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Spring Security Spring Framework Agile Plm +39
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2018-1259 HIGH PATCH This Week

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Spring Data Commons Spring Data Rest Xmlbeam
NVD VulDB
CVSS 3.0
7.5
EPSS
5.0%
CVE-2018-1280 HIGH This Week

Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Greenplum Command Center
NVD
CVSS 3.0
7.5
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy