Skip to main content
CVE-2018-16141 MEDIUM POC This Month

ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal PHP Thinkcmfx
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-16236 MEDIUM POC This Month

cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cpanel
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16234 MEDIUM POC This Month

MorningStar WhatWeb 0.4.9 has XSS via JSON report files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Whatweb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16233 MEDIUM POC This Month

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Minicms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-14899 MEDIUM POC This Month

On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wf 2750 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16142 MEDIUM POC This Month

PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpok
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16157 MEDIUM POC This Month

waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Waimai Super Cms
NVD GitHub
CVSS 3.0
5.3
EPSS
0.7%
CVE-2018-15479 MEDIUM This Month

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wifi Switch Firmware Wifi Button Plus Firmware Wifi Button Firmware Wifi Switch Eu Firmware +2
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-13825 MEDIUM PATCH This Month

Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Project Portfolio Management
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-11719 MEDIUM This Month

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Pc2R Firmware Pc3 Firmware Pc2 Firmware
NVD
CVSS 3.0
4.9
EPSS
0.8%
CVE-2018-15364 MEDIUM This Month

A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on. Rated medium severity (CVSS 4.7). No vendor patch available.

Trend Micro Information Disclosure Buffer Overflow Officescan Xg
NVD
CVSS 3.0
4.7
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy