Skip to main content
CVE-2016-4055 MEDIUM POC PATCH This Month

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Node.js Moment Nessus Primavera Unifier
NVD VulDB
CVSS 3.1
6.5
EPSS
2.7%
CVE-2016-4484 MEDIUM POC PATCH This Month

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Debian Authentication Bypass Cryptsetup
NVD VulDB
CVSS 3.0
6.8
EPSS
0.5%
CVE-2015-7743 MEDIUM POC This Month

XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Prtg Network Monitor
NVD VulDB
CVSS 3.0
6.5
EPSS
0.3%
CVE-2014-9772 MEDIUM POC PATCH This Month

The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Node.js Node Js
NVD VulDB
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-4056 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Typo3
NVD VulDB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-0765 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Eshop Plugin
NVD VulDB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-8862 MEDIUM POC PATCH This Month

mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Node.js Mustache Js
NVD VulDB
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-7410 MEDIUM POC This Month

The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libdwarf
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2016-5237 MEDIUM POC This Month

Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Steamos
NVD Exploit-DB VulDB
CVSS 3.0
4.8
EPSS
0.1%
CVE-2016-9870 MEDIUM This Month

EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

LDAP Code Injection Isilon Onefs
NVD VulDB
CVSS 3.0
6.7
EPSS
0.1%
CVE-2015-8861 MEDIUM POC PATCH This Month

The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Node.js Handlebars Js
NVD VulDB GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2013-7452 MEDIUM PATCH This Month

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Node.js Node Js
NVD VulDB
CVSS 3.0
6.1
EPSS
0.6%
CVE-2013-7451 MEDIUM PATCH This Month

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Node.js Node Js
NVD VulDB
CVSS 3.0
6.1
EPSS
0.6%
CVE-2013-7454 MEDIUM POC PATCH This Month

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Node.js Node Js
NVD VulDB GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2013-7453 MEDIUM PATCH This Month

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Node.js Node Js
NVD VulDB
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-6484 MEDIUM This Month

CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Netmri
NVD VulDB
CVSS 3.0
6.1
EPSS
0.4%
CVE-2015-8856 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Node.js Serve Index
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2016-8213 MEDIUM This Month

EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Documentum Administrator Documentum Capital Projects Documentum Taskspace Documentum Webtop
NVD VulDB
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-9385 MEDIUM PATCH This Month

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Canonical Xen Xenserver
NVD VulDB
CVSS 3.0
6.0
EPSS
0.1%
CVE-2016-5876 MEDIUM PATCH This Month

ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Owncloud
NVD VulDB
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-10104 MEDIUM This Month

Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Automize
NVD VulDB
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-5544 MEDIUM This Month

An issue was discovered on FiberHome Fengine S5800 switches V210R240. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Fengine S5800 Firmware
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2016-9401 MEDIUM This Month

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Authentication Bypass Use After Free Bash Debian Linux +6
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-5553 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP B2Evolution
NVD GitHub VulDB
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8859 MEDIUM PATCH This Month

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Send
NVD VulDB
CVSS 3.1
5.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy