Skip to main content
CVE-2018-13038 CRITICAL POC Act Now

OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Opensid
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-13040 HIGH POC This Week

OpenSID 18.06-pasca has a CSRF vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Opensid
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-13032 HIGH POC This Week

ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Shieldlink Sl175Ehq Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.3%
CVE-2018-13037 HIGH POC This Week

An issue was discovered in jpeg-compressor 0.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Jpeg Compressor
NVD GitHub
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-13041 HIGH POC This Week

The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Linktoken
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13039 MEDIUM POC This Month

OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Opensid
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-13043 CRITICAL PATCH Act Now

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Debian RCE Devscripts Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-13033 MEDIUM POC This Month

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Binutils Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +1
NVD
CVSS 3.0
5.5
EPSS
3.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy