Skip to main content
CVE-2018-19319 MEDIUM POC This Month

SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Srcms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-18760 MEDIUM POC This Month

RhinOS 3.0 build 1190 allows CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rhinos
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.6%
CVE-2018-15693 MEDIUM POC This Month

Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Inova Partner
NVD
CVSS 3.0
6.4
EPSS
0.6%
CVE-2018-19311 MEDIUM POC PATCH This Month

Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Centreon
NVD GitHub
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-7361 MEDIUM This Month

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Null Pointer Dereference Denial Of Service Zxhn F670 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-7360 MEDIUM This Month

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn F670 Firmware
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1639 MEDIUM This Month

The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-15692 MEDIUM This Month

Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Inova Partner
NVD
CVSS 3.0
6.4
EPSS
0.5%
CVE-2018-9073 MEDIUM This Month

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Authentication Bypass Chassis Management Module Firmware
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2018-1797 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server
NVD
CVSS 3.0
5.5
EPSS
2.0%
CVE-2018-9071 MEDIUM This Month

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Chassis Management Module Firmware
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2018-9085 MEDIUM This Month

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Intel Privilege Escalation IBM Flex System X240 M4 Firmware +25
NVD
CVSS 3.0
4.9
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy