Skip to main content
CVE-2018-3950 HIGH POC This Week

An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow TP-Link Tl R600Vpn Firmware
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2018-4040 HIGH POC This Week

An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Atlantis Word Processor
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2018-4039 HIGH POC This Week

An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Atlantis Word Processor
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2018-4038 HIGH POC This Week

An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Atlantis Word Processor
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2018-3949 HIGH POC THREAT This Week

An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Path Traversal Tl R600Vpn Firmware
NVD
CVSS 3.1
7.5
EPSS
53.3%
CVE-2018-19784 HIGH POC This Week

The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Php Proxy
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-3951 HIGH POC This Week

An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow TP-Link Tl R600Vpn Firmware
NVD
CVSS 3.1
7.2
EPSS
3.9%
CVE-2018-19785 MEDIUM POC PATCH This Month

PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Proxy
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy