Skip to main content
CVE-2018-20591 MEDIUM POC This Month

A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libming
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-20588 MEDIUM POC This Month

lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Otfcc
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-20584 MEDIUM POC PATCH This Month

JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jasper Debian Linux Outside In Technology
NVD GitHub
CVSS 3.1
6.5
EPSS
2.9%
CVE-2018-20611 MEDIUM POC This Month

imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Imcat
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-20600 MEDIUM POC This Month

sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-20594 MEDIUM POC PATCH This Month

An issue was discovered in hsweb 3.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Hsweb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-20583 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Commonmark
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-20593 MEDIUM POC This Month

In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mini Xml Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-20592 MEDIUM POC This Month

In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Mini Xml Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
1.5%
CVE-2018-20609 MEDIUM POC This Month

imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
CVSS 3.0
5.3
EPSS
2.7%
CVE-2018-20607 MEDIUM POC This Month

imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Imcat
NVD GitHub
CVSS 3.0
5.3
EPSS
2.7%
CVE-2018-20610 MEDIUM POC This Month

imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Imcat
NVD GitHub
CVSS 3.0
4.9
EPSS
1.9%
CVE-2018-20604 MEDIUM POC This Month

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Lei Feng Tv Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.4%
CVE-2018-20601 MEDIUM POC This Month

UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-20597 MEDIUM POC This Month

UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-20590 MEDIUM PATCH This Month

Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Generic Content Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2018-20589 MEDIUM PATCH This Month

Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Generic Content Management System
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy