Skip to main content
CVE-2018-13321 HIGH POC This Week

Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ts5600D1206 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-19562 HIGH POC This Week

An issue was discovered in PHPok 4.9.015. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Phpok
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-19561 HIGH POC This Week

sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Sikcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-19560 HIGH POC This Week

BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Bagecms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-19555 HIGH POC This Week

tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Teleport
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-19546 HIGH POC This Week

JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Jtbc Php
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-19545 HIGH POC This Week

JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jeecms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-19541 HIGH POC This Week

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Jasper Ubuntu Linux Linux Enterprise Desktop +2
NVD GitHub
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-19540 HIGH POC This Week

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jasper Linux Enterprise Desktop Linux Enterprise Server +1
NVD GitHub
CVSS 3.0
8.8
EPSS
2.3%
CVE-2018-19532 HIGH POC This Week

A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-19543 HIGH POC This Week

An issue was discovered in JasPer 2.0.14. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Jasper Ubuntu Linux Debian Linux +2
NVD GitHub
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-13319 HIGH POC This Week

Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ts5600D1206 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-13320 HIGH POC This Week

System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ts5600D1206 Firmware
NVD
CVSS 3.0
7.2
EPSS
2.8%
CVE-2018-13318 HIGH POC This Week

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ts5600D1206 Firmware
NVD
CVSS 3.0
7.2
EPSS
2.8%
CVE-2018-19537 HIGH POC This Week

TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload TP-Link Archer C5 Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
6.0%
CVE-2018-16854 HIGH PATCH This Week

A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Moodle
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2018-19553 HIGH This Week

Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Email Marketer
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-19552 HIGH This Week

Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Email Marketer
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-19551 HIGH This Week

Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Email Marketer
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-19550 HIGH POC This Week

Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Email Marketer
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
6.0%
CVE-2018-19549 HIGH This Week

Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Email Marketer
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-19566 HIGH This Week

A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Dcraw
NVD
CVSS 3.0
7.1
EPSS
1.1%
CVE-2018-19565 HIGH This Week

A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Dcraw
NVD
CVSS 3.0
7.1
EPSS
1.1%
CVE-2018-1905 HIGH This Week

IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Websphere Application Server
NVD
CVSS 3.0
7.1
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy