Skip to main content
CVE-2018-13322 MEDIUM POC This Month

Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ts5600D1206 Firmware
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-19544 MEDIUM POC This Month

JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jeecms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-19542 MEDIUM POC This Month

An issue was discovered in JasPer 2.0.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Jasper Ubuntu Linux Linux Enterprise Desktop +3
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-19539 MEDIUM POC This Month

An issue was discovered in JasPer 2.0.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Linux Enterprise Desktop Linux Enterprise Server Debian Linux +1
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-19535 MEDIUM POC PATCH This Month

In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Exiv2 Debian Linux +4
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-13323 MEDIUM POC This Month

Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ts5600D1206 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-13317 MEDIUM POC This Month

Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS A3002ru Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-13312 MEDIUM POC This Month

Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS A3002ru Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-13309 MEDIUM POC This Month

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS A3002ru Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-13308 MEDIUM POC This Month

Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS A3002ru Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19564 MEDIUM POC This Month

Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Easy Testimonials
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-19547 MEDIUM POC This Month

JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Jtbc Php
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19556 MEDIUM POC This Month

zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Z Blogphp
NVD GitHub
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-11077 MEDIUM PATCH This Month

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Dell Command Injection Emc Avamar Emc Integrated Data Protection Appliance Vsphere Data Protection
NVD
CVSS 3.0
6.7
EPSS
1.0%
CVE-2018-11076 MEDIUM PATCH This Month

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Java Dell Information Disclosure Emc Avamar Emc Integrated Data Protection Appliance +1
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-13310 MEDIUM This Month

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS A3002ru Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-11067 MEDIUM PATCH This Month

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Dell Open Redirect Emc Avamar Emc Integrated Data Protection Appliance Vsphere Data Protection
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-14663 MEDIUM This Month

An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dnsdist
NVD
CVSS 3.0
5.9
EPSS
2.6%
CVE-2018-19568 MEDIUM This Month

A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dcraw
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19567 MEDIUM This Month

A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dcraw
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-16862 MEDIUM PATCH This Month

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Enterprise Linux Ubuntu Linux +1
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-14646 MEDIUM PATCH This Month

The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-18807 MEDIUM This Month

The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Statistica Server
NVD
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-19554 MEDIUM This Month

An issue was discovered in Dotcms through 5.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dotcms
NVD
CVSS 3.0
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy