Skip to main content
CVE-2018-16314 HIGH POC This Week

An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Icms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-15514 HIGH POC This Week

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Deserialization Docker
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-16308 HIGH POC This Week

The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Ninja Forms
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
1.8%
CVE-2018-16302 HIGH POC This Week

MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zip N Go
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.3%
CVE-2018-16303 HIGH POC This Week

PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Pdf Xchange Editor
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-16323 MEDIUM POC PATCH THREAT This Month

ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
49.3%
CVE-2018-16315 MEDIUM POC This Month

In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Waimai Super Cms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-15161 MEDIUM POC This Month

The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libesedb
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-15160 MEDIUM POC This Month

The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libesedb
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-15159 MEDIUM POC This Month

The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libesedb
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-15158 MEDIUM POC This Month

The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libesedb
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-15157 MEDIUM POC This Month

The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libfsclfs
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-16325 MEDIUM POC This Month

There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Getsimple Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16324 MEDIUM POC This Month

In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-16313 MEDIUM POC This Month

Bludit 2.3.4 allows XSS via a user name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bludit
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16329 CRITICAL Act Now

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-16328 CRITICAL Act Now

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-16327 MEDIUM POC This Month

There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-16320 HIGH This Week

idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Icms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.4%
CVE-2018-16316 MEDIUM PATCH This Month

A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Portainer
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy