Skip to main content
CVE-2018-12671 CRITICAL POC Act Now

An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-12670 CRITICAL POC Act Now

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-12668 CRITICAL POC Act Now

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-12667 CRITICAL POC Act Now

The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12666 CRITICAL POC Act Now

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H 264 Poe Ip Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-18530 CRITICAL POC Act Now

ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Thinkphp
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18529 CRITICAL POC Act Now

ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Thinkphp
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18527 CRITICAL POC Act Now

OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ownticket
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-4013 CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Live555 Media Server Debian Linux
NVD
CVSS 3.1
9.8
EPSS
9.5%
CVE-2018-18531 CRITICAL Act Now

text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Kaptcha
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-18396 CRITICAL Act Now

Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Thingspro
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-18395 CRITICAL Act Now

Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Thingspro
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-18394 CRITICAL Act Now

Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Thingspro
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2018-18393 CRITICAL Act Now

Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Thingspro
NVD
CVSS 3.0
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy