Skip to main content
CVE-2018-12465 HIGH POC THREAT Act Now

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Secure Messaging Gateway
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
79.0%
CVE-2018-13010 HIGH POC This Week

WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wstmall
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-12995 HIGH POC This Week

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Onefilecms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-12994 HIGH POC This Week

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Onefilecms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-12983 HIGH POC This Week

A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Podofo
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-12999 HIGH POC This Week

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD GitHub
CVSS 3.0
7.5
EPSS
8.6%
CVE-2018-12997 HIGH POC This Week

Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +2
NVD GitHub
CVSS 3.1
7.5
EPSS
6.7%
CVE-2018-12988 HIGH POC This Week

GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Greencms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-13024 HIGH POC This Week

Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Metinfo
NVD
CVSS 3.0
7.2
EPSS
1.4%
CVE-2018-13021 HIGH POC This Week

An issue was discovered in HongCMS 3.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Hongcms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-13012 HIGH This Week

Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Softcontrol Enterprise Suite Softcontrol Syswatch Softcontrol Tpsecure
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2018-8901 HIGH This Week

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Avalanche
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-13014 HIGH This Week

Storing password in recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Enterprise Suite Syswatch Tpsecure
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-13013 HIGH This Week

Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Suite Syswatch Tpsecure
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-10860 HIGH PATCH This Week

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ubuntu Linux Debian Linux Perl Archive Zip
NVD
CVSS 3.0
7.5
EPSS
48.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy