Skip to main content
CVE-2018-1002202 MEDIUM POC PATCH THREAT This Month

zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zip4J
NVD GitHub
CVSS 3.0
6.5
EPSS
13.1%
CVE-2018-14493 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
40.4%
CVE-2018-14430 MEDIUM POC This Month

The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Multi Step Form
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-1002206 MEDIUM POC PATCH This Month

SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Sharpcompress
NVD GitHub VulDB
CVSS 3.0
5.5
EPSS
2.5%
CVE-2018-1002208 MEDIUM POC PATCH This Month

SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Sharpziplib
NVD GitHub
CVSS 3.1
5.5
EPSS
8.9%
CVE-2018-1002207 MEDIUM POC PATCH This Month

mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Archiver
NVD GitHub
CVSS 3.0
5.5
EPSS
2.5%
CVE-2018-1002204 MEDIUM POC PATCH THREAT This Month

adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Node.js Adm Zip
NVD GitHub
CVSS 3.1
5.5
EPSS
15.4%
CVE-2018-1002203 MEDIUM POC PATCH THREAT This Month

unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Node.js Unzipper
NVD GitHub
CVSS 3.0
5.5
EPSS
11.9%
CVE-2018-1002201 MEDIUM POC PATCH THREAT This Month

zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Zt Zip
NVD GitHub
CVSS 3.1
5.5
EPSS
10.3%
CVE-2018-1002200 MEDIUM POC PATCH THREAT This Month

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Plexus Archiver Debian Linux Enterprise Linux Enterprise Linux Desktop +1
NVD GitHub
CVSS 3.0
5.5
EPSS
13.2%
CVE-2018-10880 MEDIUM POC PATCH This Month

Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Buffer Overflow Debian Linux +3
NVD
CVSS 3.0
5.5
EPSS
2.9%
CVE-2018-13988 MEDIUM PATCH This Month

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Poppler Ubuntu Linux +6
NVD
CVSS 3.0
6.5
EPSS
3.1%
CVE-2018-6972 MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service VMware Workstation Fusion +1
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2018-1002209 MEDIUM PATCH This Month

QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Quazip
NVD GitHub
CVSS 3.0
5.5
EPSS
5.9%
CVE-2018-1002205 MEDIUM PATCH This Month

DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Dotnetzip Semverd
NVD GitHub
CVSS 3.1
5.5
EPSS
10.4%
CVE-2018-5537 MEDIUM This Month

A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Access Policy Manager +6
NVD
CVSS 3.0
5.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy