Skip to main content
CVE-2018-16402 CRITICAL POC Act Now

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Elfutils Debian Linux Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-16385 CRITICAL POC PATCH Act Now

ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Thinkphp
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-16370 CRITICAL POC Act Now

In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pescms Team
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-16416 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Fuel Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-16413 HIGH POC This Week

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
4.2%
CVE-2018-16412 HIGH POC This Week

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Imagemagick Leap
NVD GitHub
CVSS 3.0
8.8
EPSS
4.5%
CVE-2018-16387 HIGH POC PATCH This Week

An issue was discovered in Elefant CMS before 2.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Elefantcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-16380 HIGH POC This Week

An issue was discovered in Ogma CMS 0.4 Beta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Ogma Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-16384 HIGH POC This Week

{`a`b} where a is a special function name (such as "if") and b is the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Owasp Modsecurity Core Rule Set
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-16408 HIGH POC This Week

D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Command Injection Dir 846 Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
4.7%
CVE-2018-16393 MEDIUM POC PATCH This Month

Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.8
EPSS
0.6%
CVE-2018-16392 MEDIUM POC PATCH This Month

Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.8
EPSS
0.6%
CVE-2018-16391 MEDIUM POC PATCH This Month

Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.8
EPSS
0.7%
CVE-2018-16410 MEDIUM POC PATCH This Month

Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Vanilla
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-16407 MEDIUM POC PATCH This Month

An issue was discovered in Mayan EDMS before 3.0.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mayan Edms
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-16406 MEDIUM POC PATCH This Month

An issue was discovered in Mayan EDMS before 3.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mayan Edms
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-16405 MEDIUM POC PATCH This Month

An issue was discovered in Mayan EDMS before 3.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mayan Edms
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-16371 MEDIUM POC This Month

PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pescms Team
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16403 MEDIUM POC This Month

libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Elfutils
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-16382 MEDIUM POC This Month

Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-16369 MEDIUM POC This Month

XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Xpdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.6%
CVE-2018-16368 MEDIUM POC This Month

SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Xpdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-16373 MEDIUM POC This Month

Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Frog Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.1%
CVE-2018-16379 MEDIUM POC This Month

Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ogma Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-16376 HIGH This Week

An issue was discovered in OpenJPEG 2.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Openjpeg
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-16375 HIGH PATCH This Week

An issue was discovered in OpenJPEG 2.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Openjpeg
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-16374 MEDIUM POC This Month

Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Frog Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-16409 HIGH This Week

In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gogs
NVD GitHub
CVSS 3.0
8.6
EPSS
1.3%
CVE-2018-16398 HIGH PATCH This Week

In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Docker Authz Broker
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-16372 MEDIUM This Month

The issue was discovered in IdeaCMS through 2016-04-30. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Ideacms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16397 MEDIUM This Month

In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Limesurvey
NVD GitHub
CVSS 3.0
4.9
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy