Skip to main content
CVE-2018-7921 MEDIUM POC THREAT This Month

Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Huawei Information Disclosure B315S 22 Firmware
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
13.2%
CVE-2018-16980 MEDIUM POC This Month

dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16979 MEDIUM POC This Month

Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Monstra
NVD GitHub
CVSS 3.0
6.1
EPSS
3.0%
CVE-2018-16978 MEDIUM POC This Month

Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monstra
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-15834 MEDIUM POC PATCH This Month

In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-16729 MEDIUM POC This Month

Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pluck
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16727 MEDIUM POC This Month

razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16726 MEDIUM POC This Month

razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16605 MEDIUM POC This Month

D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 600M Firmware
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2018-16977 MEDIUM POC This Month

Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Monstra
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-16971 MEDIUM POC This Month

Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Learning Management System
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2018-16970 MEDIUM POC This Month

Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Learning Management System
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2018-3659 MEDIUM This Month

A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Converged Security Management Engine Firmware Trusted Execution Engine Firmware
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-7572 MEDIUM This Month

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Ivanti Pulse Secure Desktop
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-3686 MEDIUM PATCH This Month

Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Code Injection RCE Intel Sa 00086 Detection Tool
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-3657 MEDIUM PATCH This Month

Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Intel RCE Buffer Overflow Simatic Field Pg M5 Firmware Simatic Ipc427E Firmware +12
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2018-12150 MEDIUM PATCH This Month

Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Intel Privilege Escalation Buffer Overflow Extreme Tuning Utility
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-16389 MEDIUM PATCH This Month

e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP E107
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-16950 MEDIUM This Month

Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses, as demonstrated by macof. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dg400 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-3616 MEDIUM PATCH This Month

Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Intel Information Disclosure Converged Security Management Engine Firmware Active Management Technology Firmware Manageability Engine Firmware +11
NVD
CVSS 3.1
5.9
EPSS
2.4%
CVE-2018-12151 MEDIUM PATCH This Month

Buffer overflow in installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially cause a buffer overflow potentially leading to a denial of service via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Denial Of Service Buffer Overflow Extreme Tuning Utility
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-12149 MEDIUM PATCH This Month

Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Buffer Overflow Extreme Tuning Utility
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-7906 MEDIUM This Month

Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Leland Al00 Firmware Lleland Al00A Firmware
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-16728 MEDIUM This Month

feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Feindura
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-3658 MEDIUM PATCH This Month

Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Intel Denial Of Service Simatic Field Pg M5 Firmware Simatic Ipc427E Firmware Simatic Ipc477E Firmware +11
NVD
CVSS 3.1
5.3
EPSS
3.3%
CVE-2018-12160 MEDIUM This Month

DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Data Migration Software
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2018-12163 MEDIUM This Month

A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Iot Developers Kit
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-7939 MEDIUM This Month

Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei G9 Lite Firmware Honor 5A Firmware Honor 5A +2
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2018-1773 MEDIUM PATCH This Month

IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Datacap
NVD
CVSS 3.0
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy