Skip to main content
CVE-2018-16323 MEDIUM POC PATCH THREAT This Month

ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
49.3%
CVE-2018-16315 MEDIUM POC This Month

In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Waimai Super Cms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-15161 MEDIUM POC This Month

The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libesedb
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-15160 MEDIUM POC This Month

The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libesedb
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-15159 MEDIUM POC This Month

The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libesedb
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-15158 MEDIUM POC This Month

The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libesedb
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-15157 MEDIUM POC This Month

The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libfsclfs
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-16325 MEDIUM POC This Month

There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Getsimple Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16324 MEDIUM POC This Month

In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-16313 MEDIUM POC This Month

Bludit 2.3.4 allows XSS via a user name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bludit
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16327 MEDIUM POC This Month

There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-16316 MEDIUM PATCH This Month

A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Portainer
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy