Skip to main content
CVE-2018-12039 CRITICAL POC Act Now

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE PHP Joyplus Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
4.7%
CVE-2018-12031 CRITICAL POC THREAT Act Now

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Intelligent Power Manager
NVD GitHub
CVSS 3.0
9.8
EPSS
17.3%
CVE-2018-3739 CRITICAL POC PATCH Act Now

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Https Proxy Agent
NVD
CVSS 3.0
9.1
EPSS
2.0%
CVE-2018-0321 CRITICAL Act Now

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Cisco Prime Collaboration Prime Collaboration Assurance +1
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-0320 CRITICAL Act Now

A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cisco Prime Collaboration Prime Collaboration Provisioning
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-0319 CRITICAL Act Now

A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Prime Collaboration Prime Collaboration Provisioning
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-0318 CRITICAL Act Now

A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Prime Collaboration Prime Collaboration Provisioning
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-0315 CRITICAL Act Now

A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Denial Of Service Apple +1
NVD
CVSS 3.1
9.8
EPSS
8.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy