Security Vulnerabilities - CVEs Published In December 2018
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.223
Published
2018-12-01
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-12-01
PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-01
Page 117