Skip to main content
CVE-2018-11501 HIGH POC This Week

PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Website Seller Script
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-11500 HIGH POC This Week

An issue was discovered in PublicCMS V4.0.20180210. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Publiccms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-11493 HIGH POC This Week

An issue was discovered in WUZHI CMS 4.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wuzhicms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-11489 HIGH POC This Week

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Giflib Sam2P
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-11494 HIGH POC This Week

The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Path Traversal Opencart
NVD
CVSS 3.0
8.0
EPSS
2.4%
CVE-2018-11505 HIGH POC This Week

The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Werewolf Online
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
9.2%
CVE-2018-11490 HIGH This Week

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Giflib Sam2P Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2018-11498 HIGH This Week

In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Lizard Lz5
NVD GitHub
CVSS 3.0
7.8
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy