Skip to main content
CVE-2018-13324 CRITICAL POC THREAT Act Now

Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ts5600D1206 Firmware
NVD
CVSS 3.0
9.8
EPSS
23.2%
CVE-2018-13315 CRITICAL POC Act Now

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3002ru Firmware
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-19559 CRITICAL POC Act Now

CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cuppacms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2018-19558 CRITICAL POC Act Now

An issue was discovered in arcms through 2018-03-19. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Arcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-19557 CRITICAL POC Act Now

An issue was discovered in arcms through 2018-03-19. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Arcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-19548 CRITICAL POC Act Now

index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Edusec
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-19531 CRITICAL POC Act Now

HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Httl
NVD GitHub
CVSS 3.0
9.8
EPSS
4.6%
CVE-2018-19530 CRITICAL POC Act Now

HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Httl
NVD GitHub
CVSS 3.0
9.8
EPSS
4.6%
CVE-2018-19528 CRITICAL POC Act Now

TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-13311 CRITICAL Act Now

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection A3002ru Firmware
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-11066 CRITICAL PATCH Act Now

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell RCE Emc Avamar Emc Integrated Data Protection Appliance Vsphere Data Protection
NVD
CVSS 3.0
9.8
EPSS
9.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy