Skip to main content
CVE-2018-18619 CRITICAL POC Act Now

internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Advanced Comment System
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-8788 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Buffer Overflow Freerdp Ubuntu Linux +1
NVD GitHub
CVSS 3.0
9.8
EPSS
7.4%
CVE-2018-8787 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
8.4%
CVE-2018-8786 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp Ubuntu Linux Debian Linux +7
NVD GitHub
CVSS 3.1
9.8
EPSS
8.2%
CVE-2018-8785 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2018-8784 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2018-19692 CRITICAL POC Act Now

An issue was discovered in tp5cms through 2017-05-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Tp5Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-19655 HIGH POC This Week

A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Dcraw Suse Linux Enterprise Desktop Suse Linux Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-19662 HIGH POC This Week

An issue was discovered in libsndfile 1.0.28. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libsndfile Debian Linux
NVD GitHub
CVSS 3.0
8.1
EPSS
2.3%
CVE-2018-19666 HIGH POC This Week

The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Ossec Wazuh
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-19748 HIGH POC This Week

app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Sdcms
NVD GitHub
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-8789 HIGH POC PATCH This Week

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
5.2%
CVE-2018-19654 HIGH POC This Week

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sales Company Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-19628 HIGH POC This Week

In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2018-19627 HIGH POC THREAT This Week

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Wireshark Debian Linux
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
17.7%
CVE-2018-19623 HIGH POC This Week

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
4.2%
CVE-2018-19622 HIGH POC This Week

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2018-19664 MEDIUM POC This Month

libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libjpeg Turbo
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-19661 MEDIUM POC This Month

An issue was discovered in libsndfile 1.0.28. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libsndfile Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-19527 MEDIUM POC This Month

i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Ai Si Assistant
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19693 MEDIUM POC This Month

An issue was discovered in tp5cms through 2017-05-25. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Tp5Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-15981 CRITICAL Act Now

Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Flash Player Desktop Runtime Flash Player Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
11.7%
CVE-2018-18649 CRITICAL Act Now

An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab RCE
NVD
CVSS 3.0
9.8
EPSS
6.7%
CVE-2018-11002 MEDIUM POC This Month

Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Ivanti Pulse Secure Desktop Client
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19626 MEDIUM POC This Month

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-19625 MEDIUM POC This Month

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-19624 MEDIUM POC This Month

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-19750 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.8%
CVE-2018-19752 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
3.3%
CVE-2018-19751 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
3.3%
CVE-2018-19749 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
3.3%
CVE-2018-15537 HIGH This Week

Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Ocsinventory Ng
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2018-12245 HIGH This Week

Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-12238 HIGH This Week

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000;. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Protection Endpoint Protection Cloud Norton Antivirus
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-19120 HIGH This Week

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kde Applications
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-15980 HIGH PATCH This Week

Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Buffer Overflow Photoshop Cc
NVD
CVSS 3.0
7.5
EPSS
7.9%
CVE-2018-15979 HIGH PATCH This Week

Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
7.5
EPSS
10.3%
CVE-2018-15978 HIGH PATCH This Week

Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player Enterprise Linux Desktop +2
NVD
CVSS 3.0
7.5
EPSS
7.4%
CVE-2018-14626 HIGH This Week

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Recursor
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-10851 HIGH This Week

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Recursor
NVD
CVSS 3.0
7.5
EPSS
6.0%
CVE-2018-12239 MEDIUM This Month

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000;. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Protection Endpoint Protection Cloud Norton Antivirus
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-19497 MEDIUM PATCH This Month

In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow The Sleuth Kit Debian Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2018-1762 MEDIUM This Month

IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Collaborative Lifecycle Management Rational Doors Next Generation Rational Engineering Lifecycle Manager +4
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-16859 MEDIUM PATCH This Month

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Microsoft Information Disclosure Ansible Engine
NVD GitHub
CVSS 3.0
4.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy