Skip to main content
CVE-2018-16712 MEDIUM POC This Month

IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Systemcare
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-16672 MEDIUM POC This Month

An issue was discovered in CIRCONTROL CirCarLife before 4.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Circarlife Scada
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
1.7%
CVE-2018-17316 MEDIUM POC This Month

On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp C6003 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17315 MEDIUM POC This Month

On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp C2003Sp Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17314 MEDIUM POC This Month

On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp 305 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17313 MEDIUM POC This Month

On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp C307 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-17312 MEDIUM POC This Month

On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Aficio Mp 301Spf Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17311 MEDIUM POC This Month

On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp C6503 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17310 MEDIUM POC This Month

On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp C1803 Jpn Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-17309 MEDIUM POC This Month

On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp C406Zspf Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-7355 MEDIUM POC This Month

All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zte Mf65 Firmware Mf65M1 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-17081 MEDIUM POC This Month

e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP E107
NVD GitHub
CVSS 3.0
4.3
EPSS
0.6%
CVE-2018-16713 MEDIUM This Month

IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Advanced Systemcare
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-8846 MEDIUM This Month

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS E Alert Firmware
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-15606 MEDIUM This Month

An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Suitecrm
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-1550 MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Denial Of Service Tivoli Storage Manager Tivoli Storage Manager For Space Management +1
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-7907 MEDIUM This Month

Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Agassi L09 Firmware Agassi W09 Firmware Baggio2 U01A Firmware +16
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-17556 MEDIUM This Month

MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Modx Revolution
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1610 MEDIUM This Month

IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-14803 MEDIUM This Month

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E Alert Firmware
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-16969 MEDIUM PATCH This Month

Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix Information Disclosure Sharefile Storagezones Controller
NVD
CVSS 3.0
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy