Skip to main content
CVE-2018-11311 CRITICAL POC THREAT Act Now

A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mypro
NVD GitHub Exploit-DB
CVSS 3.0
9.1
EPSS
15.9%
CVE-2018-11319 HIGH POC PATCH This Week

Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE Path Traversal Syntastic Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-11242 MEDIUM POC This Month

An issue was discovered in the MakeMyTrip application 7.2.4 for Android. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Makemytrip
NVD GitHub Exploit-DB
CVSS 3.0
6.5
EPSS
4.1%
CVE-2018-11315 MEDIUM POC This Month

The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Ct50 Firmware Ct80 Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy