Skip to main content
CVE-2018-6362 MEDIUM POC This Month

Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easy Hosting Control Panel
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-6361 MEDIUM POC THREAT This Month

Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easy Hosting Control Panel
NVD
CVSS 3.0
6.1
EPSS
39.6%
CVE-2018-10832 MEDIUM POC This Month

ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Modbuspal
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
6.0%
CVE-2018-5303 MEDIUM POC This Month

An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS R420 Rfid Reader Firmware
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-10580 MEDIUM POC This Month

The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Latest Posts On Profile
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-7248 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Servicedesk Plus
NVD
CVSS 3.1
5.3
EPSS
6.4%
CVE-2018-5304 MEDIUM POC This Month

An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect R420 Rfid Reader Firmware
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2018-1278 MEDIUM This Month

Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pivotal Application Service
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-1257 MEDIUM PATCH This Month

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Java Denial Of Service Spring Framework Openshift Agile Product Lifecycle Management +27
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2018-1261 MEDIUM PATCH This Month

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar,. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Java Path Traversal Spring Integration Zip
NVD
CVSS 3.1
4.7
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy