Skip to main content
CVE-2018-0659 MEDIUM This Month

Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Attachecase
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-16703 MEDIUM This Month

A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gleez Cms
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-1757 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass IBM Security Identity Governance And Intelligence
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-0657 MEDIUM This Month

Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ec Cube Payment Module Gmo Pg Payment Module
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-0655 MEDIUM This Month

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-0652 MEDIUM This Month

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-16704 MEDIUM This Month

An issue was discovered in Gleez CMS v1.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gleezcms
NVD GitHub
CVSS 3.0
4.3
EPSS
0.8%
CVE-2018-0660 LOW Monitor

Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Attachecase
NVD
CVSS 3.0
3.3
EPSS
1.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy