Skip to main content
CVE-2018-17575 CRITICAL POC Act Now

SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Swa Jacad
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-17573 CRITICAL POC Act Now

The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP Wp Insert
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-17397 CRITICAL POC Act Now

SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Alphaindex Dictionaries
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17394 CRITICAL POC Act Now

SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Timetable Schedule
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17391 CRITICAL POC Act Now

SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Super Cms Blog Pro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17385 CRITICAL POC Act Now

SQL Injection exists in the Social Factory 3.8.3 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Social Factory
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17384 CRITICAL POC Act Now

SQL Injection exists in the Swap Factory 2.2.1 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Swap Factory
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-17383 CRITICAL POC Act Now

SQL Injection exists in the Collection Factory 4.1.9 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Collection Factory
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17382 CRITICAL POC Act Now

SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jobs Factory
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17380 CRITICAL POC Act Now

SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Article Factory Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-17379 CRITICAL POC Act Now

SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Raffle Factory
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-17378 CRITICAL POC Act Now

SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Penny Auction Factory
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-17377 CRITICAL POC Act Now

SQL Injection exists in the Questions 1.4.3 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Questions
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17376 CRITICAL POC Act Now

SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Reverse Auction Factory
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17375 CRITICAL POC Act Now

SQL Injection exists in the Music Collection 3.0.3 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Music Collection
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-16659 CRITICAL POC Act Now

An issue was discovered in Rausoft ID.prove 2.95. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Microsoft Id Prove
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.7%
CVE-2018-14957 CRITICAL POC Act Now

CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Isweb
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-14956 CRITICAL POC Act Now

CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Isweb
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-9079 CRITICAL Act Now

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware Storcenter Px4 300R Firmware +17
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-15764 CRITICAL Act Now

Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell RCE Esrs Policy Manager
NVD
CVSS 3.0
9.8
EPSS
5.3%
CVE-2018-5393 CRITICAL Act Now

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Deserialization TP-Link Eap Controller
NVD
CVSS 3.0
9.8
EPSS
12.9%
CVE-2018-17613 CRITICAL Act Now

Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Telegram Desktop
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-17611 CRITICAL PATCH Act Now

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Denial Of Service Phantompdf +1
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17610 CRITICAL PATCH Act Now

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Denial Of Service Phantompdf +1
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17609 CRITICAL PATCH Act Now

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Denial Of Service Phantompdf +1
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17608 CRITICAL PATCH Act Now

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Denial Of Service Phantompdf +1
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17607 CRITICAL PATCH Act Now

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Denial Of Service Phantompdf +1
NVD
CVSS 3.0
9.8
EPSS
3.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy