Skip to main content
CVE-2017-6526 CRITICAL POC THREAT Emergency

An issue was discovered in dnaTools dnaLIMS 4-2015s13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 83.7%.

Authentication Bypass Dnalims
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
83.7%
Threat
6.0
CVE-2017-6527 HIGH POC THREAT Act Now

An issue was discovered in dnaTools dnaLIMS 4-2015s13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.9%.

Path Traversal Dnalims
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
75.9%
Threat
5.3
CVE-2017-6548 CRITICAL POC THREAT Emergency

Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 48.3%.

Buffer Overflow RCE Rt Ac53 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
48.3%
Threat
4.9
CVE-2017-6558 CRITICAL POC THREAT Emergency

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.8%.

Authentication Bypass Ib Wra150N Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
34.8%
Threat
4.5
CVE-2017-6549 HIGH POC THREAT Act Now

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.5%.

Microsoft Authentication Bypass Rt Ac53 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
24.5%
Threat
4.0
CVE-2017-6529 HIGH POC This Week

An issue was discovered in dnaTools dnaLIMS 4-2015s13. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dnalims
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.5%
CVE-2017-6528 HIGH POC This Week

An issue was discovered in dnaTools dnaLIMS 4-2015s13. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Dnalims
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
7.2%
CVE-2017-6552 HIGH POC This Week

Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Livebox Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.4%
CVE-2017-6572 HIGH POC This Week

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mail Masta
NVD GitHub
CVSS 3.0
7.2
EPSS
0.9%
CVE-2017-6578 HIGH POC This Week

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mail Masta
NVD GitHub
CVSS 3.0
7.2
EPSS
0.7%
CVE-2017-6577 HIGH POC This Week

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mail Masta
NVD GitHub
CVSS 3.0
7.2
EPSS
0.7%
CVE-2017-6576 HIGH POC This Week

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mail Masta
NVD GitHub
CVSS 3.0
7.2
EPSS
0.7%
CVE-2017-6575 HIGH POC This Week

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mail Masta
NVD GitHub
CVSS 3.0
7.2
EPSS
0.7%
CVE-2017-6574 HIGH POC This Week

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mail Masta
NVD GitHub
CVSS 3.0
7.2
EPSS
0.7%
CVE-2017-6573 HIGH POC This Week

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mail Masta
NVD GitHub
CVSS 3.0
7.2
EPSS
0.7%
CVE-2017-6571 HIGH POC This Week

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mail Masta
NVD GitHub
CVSS 3.0
7.2
EPSS
0.7%
CVE-2017-6570 HIGH POC This Week

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mail Masta
NVD GitHub
CVSS 3.0
7.2
EPSS
0.7%
CVE-2017-6590 MEDIUM POC PATCH This Month

An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. Rated medium severity (CVSS 6.3). Public exploit code available.

Ubuntu Mozilla Authentication Bypass Ubuntu Linux
NVD
CVSS 3.0
6.3
EPSS
0.1%
CVE-2017-6547 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rt Ac53 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.0%
CVE-2017-6562 MEDIUM POC This Month

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Agora Project
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6561 MEDIUM POC This Month

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Agora Project
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6560 MEDIUM POC This Month

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Agora Project
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6591 MEDIUM POC This Month

There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Django Epiceditor
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6589 MEDIUM POC This Month

EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Epiceditor
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6559 MEDIUM POC This Month

XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Agora Project
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6556 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-6555 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-6432 HIGH This Week

An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dahua Nvr Firmware
NVD
CVSS 3.0
8.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy