Skip to main content
CVE-2018-18874 CRITICAL POC Act Now

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Nc Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-18869 CRITICAL POC Act Now

EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal PHP Empirecms
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-16840 CRITICAL PATCH Act Now

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Curl Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2018-16839 CRITICAL PATCH Act Now

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Denial Of Service Buffer Overflow Curl Debian Linux +1
NVD GitHub
CVSS 3.0
9.8
EPSS
5.8%
CVE-2018-1851 CRITICAL PATCH Act Now

IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

IBM Deserialization RCE Websphere Application Server
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-16842 CRITICAL PATCH Act Now

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Curl Ubuntu Linux +1
NVD GitHub
CVSS 3.0
9.1
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy