Skip to main content
CVE-2018-12671 CRITICAL POC Act Now

An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-12670 CRITICAL POC Act Now

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-12668 CRITICAL POC Act Now

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-12667 CRITICAL POC Act Now

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12666 CRITICAL POC Act Now

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-18530 CRITICAL POC Act Now

ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Thinkphp
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18529 CRITICAL POC Act Now

ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Thinkphp
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18527 CRITICAL POC Act Now

OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ownticket
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-4013 CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Live555 Media Server Debian Linux
NVD
CVSS 3.1
9.8
EPSS
9.5%
CVE-2018-18420 HIGH POC This Week

Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Zenario
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-12669 HIGH POC This Week

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-18284 HIGH POC PATCH THREAT This Week

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Gpl Ghostscript +7
NVD
CVSS 3.0
8.6
EPSS
16.3%
CVE-2018-18026 HIGH POC This Week

IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a stack-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Malware Fighter
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-18428 HIGH POC THREAT This Week

TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tl Sc3130 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
11.5%
CVE-2018-12673 HIGH POC This Week

An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-18520 MEDIUM POC PATCH This Month

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Elfutils Debian Linux Ubuntu Linux +4
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2018-12675 MEDIUM POC This Month

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
6.1
EPSS
3.1%
CVE-2018-18531 CRITICAL Act Now

text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Kaptcha
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-18396 CRITICAL Act Now

Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Thingspro
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-18395 CRITICAL Act Now

Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Thingspro
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-18394 CRITICAL Act Now

Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Thingspro
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2018-18393 CRITICAL Act Now

Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Thingspro
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2018-12674 MEDIUM POC This Month

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
5.7
EPSS
0.6%
CVE-2018-18521 MEDIUM POC PATCH This Month

Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Elfutils Debian Linux Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2018-18419 MEDIUM POC This Month

Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS User Management
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-18417 MEDIUM POC This Month

In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ekushey Project Manager
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-12672 MEDIUM POC This Month

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-18416 MEDIUM POC This Month

LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lango
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
1.7%
CVE-2018-18392 HIGH This Week

Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thingspro
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-18391 HIGH This Week

User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thingspro
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-18398 MEDIUM POC This Month

Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Thunar Xfce
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2018-18224 HIGH This Week

A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Buffer Overflow Drawings Sdk Outside In Technology
NVD
CVSS 3.0
8.1
EPSS
2.2%
CVE-2018-18223 HIGH This Week

Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Drawings Sdk Outside In Technology
NVD
CVSS 3.0
8.1
EPSS
2.2%
CVE-2018-18390 HIGH This Week

User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Thingspro
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-15315 MEDIUM This Month

On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Application Acceleration Manager Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-15314 MEDIUM This Month

On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Advanced Firewall Manager
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-15313 MEDIUM This Month

On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Advanced Firewall Manager
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-15312 MEDIUM This Month

On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Application Acceleration Manager Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-18438 MEDIUM PATCH This Month

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Qemu Enterprise Linux Openstack
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15316 MEDIUM This Month

In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Access Policy Manager Big Ip Access Policy Manager Client Big Ip Edge Client
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-18380 MEDIUM PATCH This Month

A Session Fixation issue was discovered in Bigtree before 4.2.24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure PHP Bigtree Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy