Skip to main content
CVE-2018-3754 HIGH POC This Week

Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Node.js Query Mysql
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-11643 HIGH POC This Week

SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Powermedia Xms
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-11636 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Powermedia Xms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-7765 HIGH POC This Week

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-11639 HIGH POC This Week

Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure PHP Powermedia Xms
NVD
CVSS 3.0
8.1
EPSS
1.1%
CVE-2018-11642 HIGH POC This Week

Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Powermedia Xms
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-11634 HIGH POC This Week

Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Powermedia Xms
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-13112 HIGH POC This Week

get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-11637 HIGH POC This Week

Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Powermedia Xms
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-13092 HIGH POC This Week

The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Reimbursetoken
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13091 HIGH POC This Week

The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Sumocoin
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13090 HIGH POC This Week

The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Yitongcoin
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13089 HIGH POC This Week

The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ucointoken
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13088 HIGH POC This Week

The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Tokenerc20
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13087 HIGH POC This Week

The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Coinstar Myadvancedtoken
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13086 HIGH POC This Week

The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Iadowr
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13085 HIGH POC This Week

The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Freecoin
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13084 HIGH POC This Week

The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Goodtimecoin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13083 HIGH POC This Week

The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Plazatoken
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13082 HIGH POC This Week

The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Moditokenerc20
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13081 HIGH POC This Week

The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gzstoken
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13080 HIGH POC This Week

The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Goutex
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13079 HIGH POC This Week

The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Goodto
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13078 HIGH POC This Week

The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Jitech
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13077 HIGH POC This Week

The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ctb
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13076 HIGH POC This Week

The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Betcash
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13075 HIGH POC This Week

The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Microsoft Buffer Overflow Carbonexchangecointoken
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13074 HIGH POC This Week

The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Fibtoken
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13073 HIGH POC This Week

The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ethereumblack
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13072 HIGH POC This Week

The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Coffeecoin
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13071 HIGH POC This Week

The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ccindextoken
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13070 HIGH POC This Week

The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Encryptedtoken
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13069 HIGH POC This Week

The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Dychain
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13068 HIGH POC This Week

The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Azuriontoken
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-11638 HIGH POC This Week

Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Powermedia Xms
NVD
CVSS 3.0
7.2
EPSS
4.1%
CVE-2018-7782 HIGH This Week

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Imps110 1 Firmware Imps110 1E Firmware Imps110 1Er Firmware +17
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-7781 HIGH This Week

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Privilege Escalation Imps110 1 Firmware Imps110 1E Firmware Imps110 1Er Firmware +17
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-7777 HIGH POC THREAT This Week

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure PHP U Motion Builder
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
31.8%
CVE-2018-7774 HIGH This Week

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7773 HIGH This Week

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7772 HIGH This Week

The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7769 HIGH This Week

The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7768 HIGH This Week

The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7767 HIGH This Week

The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7766 HIGH This Week

The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-4854 HIGH This Week

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Siclock Tc400 Firmware Siclock Tc100 Firmware
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-10856 HIGH PATCH This Week

It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Libpod
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-4851 HIGH This Week

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siclock Tc400 Firmware Siclock Tc100 Firmware
NVD
CVSS 3.0
8.2
EPSS
1.5%
CVE-2018-1080 HIGH PATCH This Week

Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Java Authentication Bypass Dogtagpki
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2018-7771 HIGH This Week

The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion Builder
NVD
CVSS 3.0
8.0
EPSS
1.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy