Skip to main content
CVE-2018-12464 CRITICAL POC THREAT Emergency

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Secure Messaging Gateway
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.5%
CVE-2018-12465 HIGH POC THREAT Act Now

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Secure Messaging Gateway
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
79.0%
CVE-2018-13011 CRITICAL POC Act Now

An issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Gpmf Parser
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-13009 CRITICAL POC Act Now

An issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Gpmf Parser
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-13008 CRITICAL POC Act Now

An issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Gpmf Parser
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-13007 CRITICAL POC Act Now

An issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Gpmf Parser
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-13005 CRITICAL POC Act Now

An issue was discovered in MP4Box in GPAC 0.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Debian Linux Gpac Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-12993 CRITICAL POC Act Now

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Onefilecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-12984 CRITICAL POC Act Now

Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hycus Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-13010 HIGH POC This Week

WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wstmall
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-12995 HIGH POC This Week

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Onefilecms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-12994 HIGH POC This Week

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Onefilecms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-12983 HIGH POC This Week

A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Podofo
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-12999 HIGH POC This Week

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD GitHub
CVSS 3.0
7.5
EPSS
8.6%
CVE-2018-12997 HIGH POC This Week

Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +2
NVD GitHub
CVSS 3.1
7.5
EPSS
6.7%
CVE-2018-12988 HIGH POC This Week

GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Greencms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-13024 HIGH POC This Week

Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Metinfo
NVD
CVSS 3.0
7.2
EPSS
1.4%
CVE-2018-13021 HIGH POC This Week

An issue was discovered in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Hongcms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-12971 MEDIUM POC This Month

EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Easycms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-13001 MEDIUM POC This Month

An XSS issue was discovered in Sandoba CP:Shop v2016.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cp
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-12998 MEDIUM POC THREAT This Month

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +2
NVD GitHub
CVSS 3.1
6.1
EPSS
98.5%
CVE-2018-12996 MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Applications Manager
NVD GitHub
CVSS 3.0
6.1
EPSS
3.5%
CVE-2018-13006 CRITICAL PATCH Act Now

An issue was discovered in MP4Box in GPAC 0.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Debian Linux Gpac Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-12972 CRITICAL Act Now

An issue was discovered in OpenTSDB 2.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Opentsdb
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-12982 MEDIUM POC This Month

Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Podofo
NVD
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-13002 MEDIUM POC This Month

An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Core Grid
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2018-13000 MEDIUM POC This Month

An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Advanced Electron Forum
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2018-12992 MEDIUM POC This Month

An issue was discovered CMS MaeloStore V.1.5.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Maelostore
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2018-13012 HIGH This Week

Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Softcontrol Enterprise Suite Softcontrol Syswatch Softcontrol Tpsecure
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2018-8901 HIGH This Week

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Avalanche
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-13014 HIGH This Week

Storing password in recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Enterprise Suite Syswatch Tpsecure
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-13013 HIGH This Week

Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Suite Syswatch Tpsecure
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-10860 HIGH PATCH This Week

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ubuntu Linux Debian Linux Perl Archive Zip
NVD
CVSS 3.0
7.5
EPSS
48.7%
CVE-2018-8902 MEDIUM This Month

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Avalanche
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-13003 MEDIUM This Month

An issue was discovered in OpenTSDB 2.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opentsdb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-12973 MEDIUM This Month

An issue was discovered in OpenTSDB 2.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opentsdb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-13025 MEDIUM This Month

protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Yxcms
NVD GitHub
CVSS 3.0
4.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy