Skip to main content
CVE-2018-11496 MEDIUM POC This Month

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2018-6409 MEDIUM POC THREAT This Month

An issue was discovered in Appnitro MachForm before 4.2.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Machform
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
14.8%
CVE-2018-11495 MEDIUM POC This Month

OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Opencart
NVD
CVSS 3.0
4.9
EPSS
1.7%
CVE-2018-11487 MEDIUM This Month

PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-11504 MEDIUM This Month

The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Discount Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
1.5%
CVE-2018-11503 MEDIUM This Month

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Discount Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy