Skip to main content
CVE-2018-16367 CRITICAL POC Act Now

In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Onlinejudge
NVD GitHub
CVSS 3.0
9.9
EPSS
2.2%
CVE-2018-16352 CRITICAL POC Act Now

There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Weaselcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-16366 HIGH POC This Week

An issue was discovered in idreamsoft iCMS V7.0.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Icms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-16365 HIGH POC This Week

An issue was discovered in idreamsoft iCMS V7.0.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Icms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-16345 HIGH POC This Week

An issue was discovered in EasyCMS 1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Easycms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16339 HIGH POC This Week

An issue was discovered in EmpireCMS 7.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Empirecms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16338 HIGH POC This Week

An issue was discovered in AuraCMS 2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Auracms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16334 HIGH POC This Week

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac10 Firmware Ac9 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
3.6%
CVE-2018-16332 HIGH POC This Week

An issue was discovered in iCMS 7.0.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Icms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-16331 HIGH POC This Week

admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Damicms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-16344 HIGH POC This Week

An issue was discovered in zzcms 8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zzcms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-16333 HIGH POC This Week

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac18 Firmware Ac15 Firmware Ac10 Firmware +2
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-16343 HIGH POC This Week

SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Seacms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.7%
CVE-2018-16337 MEDIUM POC This Month

An issue was discovered in Cscms V4.1.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cscms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-16350 MEDIUM POC This Month

WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-16349 MEDIUM POC This Month

WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-16347 MEDIUM POC This Month

An issue was discovered in Gleez CMS v1.2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gleez Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16330 MEDIUM POC This Month

Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Editor Md
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-16354 CRITICAL Act Now

An issue was discovered in FHCRM through 2018-02-11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Fhcrm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-16353 CRITICAL Act Now

An issue was discovered in FHCRM through 2018-02-11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Fhcrm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-16342 MEDIUM POC This Month

ShowDoc v1.8.0 has XSS via a new page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Showdoc
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16348 MEDIUM POC This Month

SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Seacms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-16346 MEDIUM POC This Month

ChemCMS 1.0.6 has XSS via the "setting -> website information" field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Chemcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-16335 HIGH PATCH This Week

newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow Libtiff Debian Linux
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-16359 MEDIUM This Month

Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Gvisor
NVD GitHub
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-16336 MEDIUM This Month

Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Exiv2 Ubuntu Linux +1
NVD GitHub
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-16362 MEDIUM This Month

An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE PHP Source Integration
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2018-16358 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Dotclear
NVD
CVSS 3.0
5.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy