Skip to main content
CVE-2018-20342 MEDIUM POC This Month

The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sp012
NVD
CVSS 3.0
6.8
EPSS
0.6%
CVE-2018-16778 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jenzabar
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-18330 MEDIUM This Month

An Address Bar Spoofing vulnerability in Trend Micro Dr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Trend Micro Information Disclosure Dr Safety
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-20322 MEDIUM PATCH This Month

LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS RCE Limesurvey
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-20339 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-5201 MEDIUM PATCH This Month

Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft Denial Of Service Buffer Overflow Hancom Office 2010 +3
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-20328 MEDIUM PATCH This Month

Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Chamilo Lms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-20327 MEDIUM PATCH This Month

Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Chamilo Lms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-20345 MEDIUM This Month

Incorrect access control in StackStorm API (st2api) in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker (who has a StackStorm account and is authenticated against the StackStorm. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Stackstorm
NVD
CVSS 3.0
5.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy