Skip to main content
CVE-2018-15706 MEDIUM POC THREAT This Month

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Webaccess
NVD
CVSS 3.0
6.5
EPSS
32.4%
CVE-2018-15705 MEDIUM POC THREAT This Month

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Webaccess
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
12.2%
CVE-2018-18868 MEDIUM POC This Month

No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS No Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-18873 MEDIUM POC This Month

An issue was discovered in JasPer 2.0.14. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Jasper Ubuntu Linux Debian Linux +2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.4%
CVE-2018-15707 MEDIUM POC This Month

Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webaccess
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.9%
CVE-2018-14661 MEDIUM This Month

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Glusterfs Debian Linux Virtualization +2
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2018-14659 MEDIUM This Month

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gluster File System Debian Linux Enterprise Linux Server Virtualization +1
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2018-14654 MEDIUM This Month

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Gluster Storage Enterprise Linux Server Enterprise Linux Virtualization Virtualization +2
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2018-14652 MEDIUM This Month

The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Gluster Storage Debian Linux Enterprise Virtualization Host +2
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2018-15322 MEDIUM This Month

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +13
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-13282 MEDIUM This Month

Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Synology Photo Station
NVD
CVSS 3.0
6.3
EPSS
1.0%
CVE-2018-15324 MEDIUM This Month

On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when processing a specially crafted request with APM portal access. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.0
5.9
EPSS
1.3%
CVE-2018-15323 MEDIUM This Month

On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2018-15321 MEDIUM This Month

When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +13
NVD
CVSS 3.0
4.9
EPSS
0.9%
CVE-2018-13281 MEDIUM This Month

Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Synology Skynas Vs960Hd Diskstation Manager
NVD
CVSS 3.0
4.3
EPSS
1.2%
CVE-2018-15325 MEDIUM This Month

In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.0
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy