Skip to main content
CVE-2018-16548 MEDIUM POC This Month

An issue was discovered in ZZIPlib through 0.13.69. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zziplib
NVD GitHub
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-16381 MEDIUM POC This Month

e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP E107
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16361 MEDIUM POC PATCH This Month

An issue was discovered in BTITeam XBTIT 2.5.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Xbtit
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-16148 MEDIUM POC This Month

The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opsview
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-16147 MEDIUM POC This Month

The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opsview
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-15683 MEDIUM POC This Month

An issue was discovered in BTITeam XBTIT. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Xbtit
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-15679 MEDIUM POC This Month

An issue was discovered in BTITeam XBTIT 2.5.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Xbtit
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-15678 MEDIUM POC This Month

An issue was discovered in BTITeam XBTIT 2.5.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Xbtit
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-15677 MEDIUM POC PATCH This Month

The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF XSS PHP Xbtit
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2018-16516 MEDIUM POC PATCH This Month

helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Flask Admin
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-16551 MEDIUM POC This Month

LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lavalite
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-15918 MEDIUM POC This Month

An issue was discovered in Jorani 0.6.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jorani
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
2.9%
CVE-2018-15917 MEDIUM POC This Month

Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jorani
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
6.5%
CVE-2018-16549 MEDIUM POC This Month

HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Php File Browser Script
NVD
CVSS 3.0
5.3
EPSS
2.5%
CVE-2018-15684 MEDIUM POC This Month

An issue was discovered in BTITeam XBTIT. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Xbtit
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2018-15676 MEDIUM POC This Month

An issue was discovered in BTITeam XBTIT. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Xbtit
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-16437 MEDIUM POC This Month

Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gxlcms
NVD
CVSS 3.0
4.9
EPSS
1.6%
CVE-2018-16546 MEDIUM This Month

Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Amcrest Ipc Hx1X3X Lexus Eng N Amcrest
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2018-9194 MEDIUM This Month

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2018-9192 MEDIUM This Month

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2018-16542 MEDIUM This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ghostscript Enterprise Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-16541 MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Ghostscript Ubuntu Linux +7
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-16539 MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript Ubuntu Linux Debian Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-1353 MEDIUM This Month

An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortimanager
NVD
CVSS 3.0
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy