Skip to main content
CVE-2018-14630 HIGH POC PATCH This Week

moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Moodle
NVD
CVSS 3.0
8.8
EPSS
4.4%
CVE-2018-17139 HIGH POC This Week

UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Ultimatepos
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-17143 HIGH POC PATCH This Week

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Net Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2018-17142 HIGH POC PATCH This Week

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2018-17127 HIGH POC This Week

blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gt Ac5300 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-17125 HIGH POC This Week

CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Cscms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-17134 HIGH POC This Week

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Phpmywind
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-17133 HIGH POC This Week

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Phpmywind
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-17132 HIGH POC This Week

admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Phpmywind
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-17131 HIGH POC This Week

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Phpmywind
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-1223 HIGH This Week

Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware Cloud Foundry Container Runtime
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2018-1198 HIGH This Week

Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pivotal Cloud Cache
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-11088 HIGH This Week

Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pivotal Application Service
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-11086 HIGH This Week

Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pivotal Application Service
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-11781 HIGH This Week

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Apache Spamassassin Ubuntu Linux +5
NVD
CVSS 3.0
7.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy