Skip to main content
CVE-2018-3753 CRITICAL POC Act Now

The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Merge Object
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-3752 CRITICAL POC PATCH Act Now

The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Merge Options
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-3751 CRITICAL POC Act Now

The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Merge Recursive
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-3750 CRITICAL POC PATCH Act Now

The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deep Extend
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-3749 CRITICAL POC PATCH Act Now

The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deap
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-13116 CRITICAL POC Act Now

/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-11641 CRITICAL POC Act Now

Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Powermedia Xms
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-11635 CRITICAL POC Act Now

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Powermedia Xms
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-11640 CRITICAL POC Act Now

XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Powermedia Xms
NVD
CVSS 3.0
9.1
EPSS
1.9%
CVE-2018-3754 HIGH POC This Week

Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Node.js Query Mysql
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-11643 HIGH POC This Week

SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Powermedia Xms
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-11636 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Powermedia Xms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-7765 HIGH POC This Week

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-11639 HIGH POC This Week

Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure PHP Powermedia Xms
NVD
CVSS 3.0
8.1
EPSS
1.1%
CVE-2018-11642 HIGH POC This Week

Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Powermedia Xms
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-11634 HIGH POC This Week

Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Powermedia Xms
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-13112 HIGH POC This Week

get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-11637 HIGH POC This Week

Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Powermedia Xms
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-13092 HIGH POC This Week

The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Reimbursetoken
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13091 HIGH POC This Week

The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Sumocoin
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13090 HIGH POC This Week

The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Yitongcoin
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13089 HIGH POC This Week

The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ucointoken
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13088 HIGH POC This Week

The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Tokenerc20
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13087 HIGH POC This Week

The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Coinstar Myadvancedtoken
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13086 HIGH POC This Week

The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Iadowr
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13085 HIGH POC This Week

The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Freecoin
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13084 HIGH POC This Week

The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Goodtimecoin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13083 HIGH POC This Week

The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Plazatoken
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13082 HIGH POC This Week

The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Moditokenerc20
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13081 HIGH POC This Week

The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gzstoken
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13080 HIGH POC This Week

The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Goutex
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13079 HIGH POC This Week

The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Goodto
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13078 HIGH POC This Week

The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Jitech
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13077 HIGH POC This Week

The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ctb
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13076 HIGH POC This Week

The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Betcash
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13075 HIGH POC This Week

The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Microsoft Buffer Overflow Carbonexchangecointoken
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13074 HIGH POC This Week

The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Fibtoken
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13073 HIGH POC This Week

The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ethereumblack
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13072 HIGH POC This Week

The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Coffeecoin
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13071 HIGH POC This Week

The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ccindextoken
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13070 HIGH POC This Week

The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Encryptedtoken
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13069 HIGH POC This Week

The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Dychain
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13068 HIGH POC This Week

The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Azuriontoken
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-11638 HIGH POC This Week

Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Powermedia Xms
NVD
CVSS 3.0
7.2
EPSS
4.1%
CVE-2018-3748 MEDIUM POC PATCH This Month

There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Glance
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-3747 MEDIUM POC PATCH This Month

The public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Public Js
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-13065 MEDIUM POC This Month

ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Modsecurity
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-12255 MEDIUM POC This Month

An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Invoiceplane
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-13123 CRITICAL Act Now

onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Onefilecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-11052 CRITICAL Act Now

Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
CVSS 3.0
9.8
EPSS
4.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy