Skip to main content
CVE-2018-19795 MEDIUM POC This Month

ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Umptool
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-19792 MEDIUM POC This Month

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Openlitespeed
NVD GitHub
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-19791 MEDIUM POC This Month

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Openlitespeed
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-14704 MEDIUM POC This Month

Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 5N2 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14698 MEDIUM POC This Month

Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 5N2 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14697 MEDIUM POC This Month

Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 5N2 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19836 MEDIUM POC This Month

In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS PHP Metinfo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-19835 MEDIUM POC This Month

Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19796 MEDIUM POC This Month

An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Open Redirect Ninja Forms
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-19794 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in UiV2Public.index in Internet2 Grouper 2.2 and 2.3 allows remote attackers to inject arbitrary web script or HTML via the code parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grouper
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-1002009 MEDIUM POC This Month

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Arigato Autoresponder And Newsletter
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.6%
CVE-2018-1002008 MEDIUM POC This Month

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Arigato Autoresponder And Newsletter
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.6%
CVE-2018-1002007 MEDIUM POC This Month

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Arigato Autoresponder And Newsletter
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.6%
CVE-2018-1002006 MEDIUM POC This Month

These vulnerabilities require administrative privileges to exploit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Arigato Autoresponder And Newsletter
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.6%
CVE-2018-1002005 MEDIUM POC This Month

These vulnerabilities require administrative privileges to exploit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Arigato Autoresponder And Newsletter
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
3.1%
CVE-2018-1002004 MEDIUM POC This Month

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Arigato Autoresponder And Newsletter
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.9%
CVE-2018-1002003 MEDIUM POC This Month

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Arigato Autoresponder And Newsletter
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.9%
CVE-2018-1002002 MEDIUM POC This Month

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Arigato Autoresponder And Newsletter
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.9%
CVE-2018-1002001 MEDIUM POC This Month

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Arigato Autoresponder And Newsletter
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.9%
CVE-2018-7113 MEDIUM This Month

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Integrated Lights Out 5 Firmware
NVD
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-19826 MEDIUM This Month

In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libsass
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-19797 MEDIUM PATCH This Month

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libsass
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-6332 MEDIUM This Month

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Hhvm
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2018-16869 MEDIUM This Month

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Oracle Information Disclosure Nettle
NVD
CVSS 3.1
5.7
EPSS
1.5%
CVE-2018-16868 MEDIUM This Month

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. Rated medium severity (CVSS 5.6). No vendor patch available.

Oracle Information Disclosure Gnutls
NVD
CVSS 3.1
5.6
EPSS
0.6%
CVE-2018-7112 MEDIUM This Month

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Integrated Lights Out 2 Firmware Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware +98
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-7115 MEDIUM This Month

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Intelligent Management Center
NVD
CVSS 3.0
5.3
EPSS
13.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy