Skip to main content
CVE-2018-0505 MEDIUM POC PATCH This Month

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Mediawiki Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-17871 MEDIUM POC This Month

Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Verba Collaboration Compliance And Quality Management Platform
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2018-16456 MEDIUM POC This Month

PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Website Seller Script
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16455 MEDIUM POC This Month

PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Marketplace Script
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2018-16453 MEDIUM POC This Month

PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search bar. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domain Lookup Script
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16326 MEDIUM POC This Month

PHP Scripts Mall Olx Clone 3.4.2 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Olx Clone
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-17876 MEDIUM POC This Month

A Stored XSS vulnerability has been discovered in the v5.5.0 version of the Coaster CMS product. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Coaster Cms
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17849 MEDIUM POC This Month

Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS PHP Navigate Cms
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-16457 MEDIUM POC This Month

PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Open Source Real Estate Script
NVD
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-11784 MEDIUM POC PATCH THREAT This Month

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Tomcat Open Redirect Debian Linux Ubuntu Linux +12
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
94.5%
CVE-2018-0504 MEDIUM PATCH This Month

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Mediawiki Debian Linux
NVD
CVSS 3.0
6.5
EPSS
2.8%
CVE-2018-17985 MEDIUM This Month

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Binutils
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-1604 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1603 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1602 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-13258 MEDIUM PATCH This Month

Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mediawiki
NVD
CVSS 3.0
5.3
EPSS
2.1%
CVE-2018-0503 MEDIUM PATCH This Month

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Mediawiki Debian Linux
NVD
CVSS 3.0
4.3
EPSS
1.5%
CVE-2018-1670 MEDIUM PATCH This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy