Skip to main content
CVE-2018-18552 MEDIUM POC This Month

ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Path Traversal Monitoring Software
NVD
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-18621 MEDIUM POC This Month

CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Communigate Pro
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-18551 MEDIUM POC This Month

ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monitoring Software
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-18636 MEDIUM POC This Month

XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dsl 2640T Firmware
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-18635 MEDIUM POC PATCH This Month

www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Mailcleaner
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-18548 MEDIUM POC This Month

ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Docker Ajenticp
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.6%
CVE-2018-18547 MEDIUM POC This Month

Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Control Panel
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-12650 MEDIUM POC This Month

Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Human Resource Management Software
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-18568 MEDIUM POC This Month

Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Unified Communications Software Vvx 601 Firmware Vvx 500 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2018-18567 MEDIUM POC This Month

AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure 440Hd Firmware 450Hd Firmware
NVD
CVSS 3.0
5.9
EPSS
1.2%
CVE-2018-18566 MEDIUM POC This Month

The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Unified Communications Software Vvx 601 Firmware Vvx 500 Firmware
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2018-18014 MEDIUM POC This Month

* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Citrix Xenmobile Server
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2018-17923 MEDIUM This Month

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it. Rated medium severity (CVSS 6.9). No vendor patch available.

Authentication Bypass Saga1 L8B Firmware
NVD
CVSS 3.0
6.9
EPSS
0.3%
CVE-2018-11785 MEDIUM This Month

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Impala
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-1541 MEDIUM PATCH This Month

IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Commerce
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-15750 MEDIUM PATCH This Month

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Salt
NVD
CVSS 3.0
5.3
EPSS
4.2%
CVE-2018-9280 MEDIUM This Month

An issue was discovered on Eaton UPS 9PX 8000 SP devices. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 9Px Ups Firmware
NVD
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-9279 MEDIUM This Month

An issue was discovered on Eaton UPS 9PX 8000 SP devices. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 9Px Ups Firmware
NVD
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-18517 MEDIUM This Month

Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix XSS Netscaler Gateway Firmware
NVD
CVSS 3.0
4.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy