Skip to main content
CVE-2018-6908 CRITICAL POC Act Now

An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mini 8 Firmware Touch Hd 12 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-6012 CRITICAL POC Act Now

The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Python Mini 8 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-18892 CRITICAL POC Act Now

MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Minicms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-18888 CRITICAL POC Act Now

An issue was discovered in laravelCMS through 2018-04-02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Laravelcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-18887 CRITICAL POC Act Now

S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-6907 HIGH POC This Week

A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rainmachine Web Application
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-3977 HIGH POC This Week

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Sdl Image
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2018-3900 HIGH POC This Week

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Yi Home Camera Firmware Yi Home
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-6011 HIGH POC This Week

The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Mini 8 Firmware
NVD
CVSS 3.0
8.1
EPSS
1.1%
CVE-2018-3947 HIGH POC This Week

An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Yi Home Camera Firmware Yi Home
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2018-3910 HIGH POC This Week

An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Yi Home Camera Firmware Yi Home
NVD
CVSS 3.1
8.0
EPSS
1.6%
CVE-2018-18714 HIGH POC This Week

RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E010. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Malware Fighter
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-18695 HIGH POC This Week

M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via a crafted MRD file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Report Designer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3928 HIGH POC This Week

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Information Disclosure Yi Home Camera Firmware
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2018-18891 HIGH POC This Week

MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Minicms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-6909 MEDIUM POC This Month

A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rainmachine Web Application
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-6906 MEDIUM POC This Month

A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rainmachine Web Application
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-18776 MEDIUM POC This Month

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microstrategy Web
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-18775 MEDIUM POC This Month

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microstrategy Web
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
6.6%
CVE-2018-18890 MEDIUM POC This Month

MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Minicms
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-18883 HIGH PATCH This Week

An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Intel Null Pointer Dereference Denial Of Service Xen
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-15454 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.0
8.6
EPSS
4.4%
CVE-2018-18777 MEDIUM POC THREAT This Month

Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microstrategy Web
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
19.6%
CVE-2018-7356 HIGH This Week

All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxr10 8905E Firmware
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2018-10587 HIGH This Week

NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Enterprise Manager
NVD
CVSS 3.0
7.2
EPSS
3.3%
CVE-2018-14660 MEDIUM This Month

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Glusterfs Virtualization Host Enterprise Linux Server Virtualization +1
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2018-10586 MEDIUM This Month

NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities in versions before 10.1.12. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise Manager
NVD
CVSS 3.0
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy