Skip to main content
CVE-2017-6104 HIGH POC THREAT Act Now

Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.6%.

WordPress Authentication Bypass File Upload Zen Mobile App Native
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
38.6%
Threat
4.2
CVE-2015-8994 HIGH POC This Week

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apache PHP Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2017-6399 HIGH This Week

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Access Netbackup Netbackup Appliance
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-6407 HIGH This Week

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Netbackup Netbackup Appliance
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-6406 HIGH This Week

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Access Netbackup Netbackup Appliance
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-6400 HIGH This Week

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Access Netbackup Netbackup Appliance
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-6062 HIGH PATCH This Week

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apache Mod Auth Openidc
NVD GitHub
CVSS 3.0
8.6
EPSS
0.4%
CVE-2017-6413 HIGH PATCH This Week

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apache Mod Auth Openidc
NVD GitHub
CVSS 3.0
8.6
EPSS
0.4%
CVE-2016-10063 HIGH PATCH This Week

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2017-6319 HIGH PATCH This Week

The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-10064 HIGH PATCH This Week

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-5232 HIGH This Week

All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nexpose
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-5235 HIGH This Week

Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Metasploit
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-5234 HIGH This Week

Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Insight Collector
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-5233 HIGH This Week

Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appspider Pro
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2017-6401 HIGH This Week

An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Netbackup Netbackup Appliance
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-6384 HIGH PATCH This Week

Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Atheme
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-10067 HIGH PATCH This Week

magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2017-6405 HIGH This Week

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Netbackup Netbackup Appliance
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-5230 HIGH This Week

The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Nexpose
NVD
CVSS 3.0
7.2
EPSS
0.4%
CVE-2017-5231 HIGH This Week

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Metasploit
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2017-5229 HIGH This Week

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Metasploit
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2017-5228 HIGH This Week

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Metasploit
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2017-6408 HIGH This Week

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Netbackup Netbackup Appliance
NVD
CVSS 3.0
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy