Skip to main content
CVE-2017-6104 HIGH POC THREAT Act Now

Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.6%.

WordPress Authentication Bypass File Upload Zen Mobile App Native
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
38.6%
Threat
4.2
CVE-2015-8994 HIGH POC This Week

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apache PHP Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2017-6394 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0.1-dev. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Openemr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2017-6396 MEDIUM POC PATCH This Month

An issue was discovered in WPO-Foundation WebPageTest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Webpagetest
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6102 MEDIUM POC This Month

Persistent XSS in wordpress plugin rockhoist-badges v1.2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Rockhoist Badges Plugin
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6397 MEDIUM POC This Month

An issue was discovered in FlightAirMap v1.0-beta.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Flightairmap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2016-9892 MEDIUM POC This Month

The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Eset Apple RCE Endpoint Antivirus Endpoint Security
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-6403 CRITICAL Act Now

An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Netbackup Netbackup Appliance
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-6409 CRITICAL Act Now

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Netbackup Netbackup Appliance
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-6399 HIGH This Week

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Access Netbackup Netbackup Appliance
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-6407 HIGH This Week

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Netbackup Netbackup Appliance
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-6406 HIGH This Week

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Access Netbackup Netbackup Appliance
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-6400 HIGH This Week

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Access Netbackup Netbackup Appliance
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-6062 HIGH PATCH This Week

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apache Mod Auth Openidc
NVD GitHub
CVSS 3.0
8.6
EPSS
0.4%
CVE-2017-6413 HIGH PATCH This Week

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apache Mod Auth Openidc
NVD GitHub
CVSS 3.0
8.6
EPSS
0.4%
CVE-2016-10063 HIGH PATCH This Week

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2017-6319 HIGH PATCH This Week

The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-10064 HIGH PATCH This Week

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-5232 HIGH This Week

All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nexpose
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-5235 HIGH This Week

Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Metasploit
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-5234 HIGH This Week

Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Insight Collector
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-5233 HIGH This Week

Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appspider Pro
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2017-6401 HIGH This Week

An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Netbackup Netbackup Appliance
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-6384 HIGH PATCH This Week

Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Atheme
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-10067 HIGH PATCH This Week

magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2017-6405 HIGH This Week

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Netbackup Netbackup Appliance
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-5230 HIGH This Week

The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Nexpose
NVD
CVSS 3.0
7.2
EPSS
0.4%
CVE-2017-5231 HIGH This Week

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Metasploit
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2017-5229 HIGH This Week

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Metasploit
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2017-5228 HIGH This Week

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Metasploit
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2017-6408 HIGH This Week

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Netbackup Netbackup Appliance
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-10060 MEDIUM PATCH This Month

The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2017-6402 MEDIUM This Month

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Netbackup Netbackup Appliance
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-6393 MEDIUM PATCH This Month

An issue was discovered in NagVis 1.9b12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Nagvis
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6392 MEDIUM PATCH This Month

An issue was discovered in Kaltura server Lynx-12.11.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Kaltura Server
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6391 MEDIUM PATCH This Month

An issue was discovered in Kaltura server Lynx-12.11.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Kaltura Server
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6390 MEDIUM PATCH This Month

An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Whatanime Ga
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6395 MEDIUM PATCH This Month

An issue was discovered in HashOver 2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Hashover
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6103 MEDIUM This Month

Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Anyvar
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-10228 MEDIUM This Month

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Glibc
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2016-10068 MEDIUM PATCH This Month

The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Leap
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%
CVE-2016-10069 MEDIUM PATCH This Month

coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Leap
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2016-10071 MEDIUM PATCH This Month

coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2016-10062 MEDIUM This Month

The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2017-6410 MEDIUM PATCH This Month

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Kdelibs Kio
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-6387 MEDIUM PATCH This Month

The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-6415 MEDIUM PATCH This Month

The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-6404 MEDIUM This Month

An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Netbackup Netbackup Appliance
NVD
CVSS 3.0
5.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy