Skip to main content
CVE-2018-16314 HIGH POC This Week

An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Icms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-15514 HIGH POC This Week

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Deserialization Docker
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-16308 HIGH POC This Week

The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Ninja Forms
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
1.8%
CVE-2018-16302 HIGH POC This Week

MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zip N Go
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.3%
CVE-2018-16303 HIGH POC This Week

PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Pdf Xchange Editor
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-16320 HIGH This Week

idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Icms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy