Skip to main content
CVE-2017-5674 CRITICAL POC Act Now

A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" -. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Goahead
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-5675 HIGH POC This Week

A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Goahead
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-6180 HIGH POC This Week

Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Kk002 Ip Camera Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-5929 CRITICAL PATCH Act Now

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.1%.

Deserialization Logback Satellite Satellite Capsule
NVD
CVSS 3.1
9.8
EPSS
10.1%
CVE-2017-5619 CRITICAL Act Now

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-6080 CRITICAL Act Now

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zammad
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-6081 HIGH This Week

A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zammad
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-4409 MEDIUM PATCH This Month

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Hikvision Ds 76Xxx Series Firmware Ds 77Xxx Series Firmware
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2015-4408 MEDIUM PATCH This Month

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Hikvision Ds 76Xxx Series Firmware Ds 77Xxx Series Firmware
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2015-4407 MEDIUM PATCH This Month

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Hikvision Ds 76Xxx Series Firmware Ds 77Xxx Series Firmware
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2014-3926 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Lg
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2017-6807 MEDIUM PATCH This Month

mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mod Auth Mellon
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-5621 MEDIUM This Month

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zammad
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-5620 MEDIUM This Month

An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zammad
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-6671 MEDIUM PATCH This Month

Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Edx Platform
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy