CVE-2018-16725
Published 2018-09-08
Priority: P4 · 24 · medium · 6.1 CVSS 3.0
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.71% (48.8th percentile)
An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| baijiacms_project | baijiacms | — | — |
CVSS provenance
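| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |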
No detection rules found.
Nuclei
CVE-2018-10088 [CRITICAL] XiongMai uc-httpd 1.0.0 - Buffer Overflow
nuclei · CVSS 9.8
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
Template:
```yaml
id: CVE-2018-10088

info:
  name: XiongMai uc-httpd 1.0.0 - Buffer Overflow
  author: 0x_Akoko
  severity: critical
  description: |
    Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
  impact: |
    Potential for remote code execution or denial of service when successfully exploited.
  remediation: |
    Update to the latest version of uc-httpd or apply security patches provided by the vendor.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2018-10088
    - https://www.exploit-db.com/exploits/44864
    - https://github.com/bitfu/uc-httpd-1.0.0-buffe
```
No writeups or analysis indexed.
Published: 2018-09-08