Skip to main content
CVE-2018-11473 MEDIUM POC This Month

Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Monstra
NVD GitHub
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-11443 MEDIUM POC This Month

The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Easyservice Billing
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
2.7%
CVE-2018-11468 MEDIUM POC This Month

The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Discount Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
1.5%
CVE-2018-11471 MEDIUM POC This Month

Cockpit 0.5.5 has XSS via a collection, form, or region. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cockpit
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1135 MEDIUM PATCH This Month

An issue was discovered in Moodle 3.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-1134 MEDIUM PATCH This Month

An issue was discovered in Moodle 3.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Moodle
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-11472 MEDIUM This Month

Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Monstra
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-11469 MEDIUM This Month

Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Haproxy Ubuntu Linux
NVD
CVSS 3.0
5.9
EPSS
3.1%
CVE-2018-6234 MEDIUM This Month

An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Buffer Overflow Antivirus Internet Security +2
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-1452 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1451 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1450 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1449 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1136 MEDIUM PATCH This Month

An issue was discovered in Moodle 3.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Moodle
NVD
CVSS 3.0
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy