Skip to main content
CVE-2017-5358 CRITICAL POC THREAT Emergency

Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.3%.

Buffer Overflow RCE PHP Easycom For Php
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
35.3%
Threat
4.5
CVE-2017-5359 HIGH POC THREAT Act Now

EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 37.4%.

Denial Of Service Sql Iplug
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
37.4%
Threat
4.1
CVE-2017-5496 CRITICAL POC THREAT Emergency

Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

Information Disclosure Sawmill
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
11.3%
CVE-2016-10195 CRITICAL POC PATCH Act Now

The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libevent Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.9%
CVE-2017-6827 HIGH Act Now

Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 33.8% and no vendor patch available.

Buffer Overflow Audiofile
NVD
CVSS 3.0
7.8
EPSS
33.8%
CVE-2017-6366 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Netgear Dgn2200 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-6060 HIGH POC This Week

Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mupdf Debian Linux
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.9%
CVE-2016-10197 HIGH POC PATCH This Week

The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Debian Linux Libevent
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2017-6429 HIGH POC PATCH This Week

Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2016-10249 HIGH POC PATCH This Week

Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Jasper
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-10251 HIGH POC PATCH This Week

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Jasper
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-10250 HIGH POC PATCH This Week

The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jasper
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-10196 HIGH POC PATCH This Week

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Denial Of Service Debian Linux Libevent +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2016-10248 HIGH POC PATCH This Week

The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jasper
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-10166 CRITICAL PATCH Act Now

Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Libgd
NVD GitHub
CVSS 3.0
9.8
EPSS
8.3%
CVE-2017-6438 HIGH POC This Week

Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service RCE Libplist
NVD GitHub
CVSS 3.0
7.3
EPSS
0.1%
CVE-2017-6828 HIGH Act Now

Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 17.2% and no vendor patch available.

Buffer Overflow Audiofile
NVD
CVSS 3.0
7.8
EPSS
17.2%
CVE-2017-6914 HIGH POC PATCH This Week

CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Bigtree Cms
NVD GitHub
CVSS 3.0
7.1
EPSS
0.1%
CVE-2016-7955 CRITICAL Act Now

The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Ossim Unified Security Management
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2017-5522 CRITICAL PATCH Act Now

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Debian Linux Mapserver
NVD GitHub
CVSS 3.0
9.8
EPSS
6.0%
CVE-2017-3831 CRITICAL Act Now

A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Aironet Access Point Software
NVD
CVSS 3.0
9.8
EPSS
4.6%
CVE-2017-6443 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tmnet Webconfig
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.0%
CVE-2016-7103 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Application Express Business Intelligence Hospitality Cruise Fleet Management +9
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2017-6908 MEDIUM POC PATCH This Month

An issue was discovered in concrete5 <= 5.6.3.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Concrete5
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5239 CRITICAL PATCH Act Now

The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Imagemagick
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-5849 MEDIUM POC This Month

tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Fedora Netpbm
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-6430 MEDIUM POC PATCH This Month

The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Ettercap
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-6435 MEDIUM POC PATCH This Month

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Libplist
NVD GitHub
CVSS 3.0
5.0
EPSS
0.1%
CVE-2017-6436 MEDIUM POC PATCH This Month

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Libplist
NVD GitHub
CVSS 3.0
5.0
EPSS
0.1%
CVE-2017-6437 MEDIUM POC This Month

The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libplist
NVD GitHub
CVSS 3.0
5.0
EPSS
0.1%
CVE-2017-6440 MEDIUM POC This Month

The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libplist
NVD GitHub
CVSS 3.0
5.0
EPSS
0.1%
CVE-2017-6439 MEDIUM POC PATCH This Month

Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) via a crafted plist. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Denial Of Service Libplist
NVD GitHub
CVSS 3.0
5.0
EPSS
0.1%
CVE-2017-3854 HIGH This Week

A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Wireless Lan Controller Firmware Wireless Lan Controller Software
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2017-3819 HIGH This Week

A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Asr 5000 Series Software Virtualized Packet Core
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-3846 HIGH This Week

A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Tidal Enterprise Scheduler
NVD
CVSS 3.0
8.6
EPSS
0.2%
CVE-2015-8982 HIGH PATCH This Week

Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Integer Overflow RCE Denial Of Service Buffer Overflow Glibc
NVD
CVSS 3.0
8.1
EPSS
1.3%
CVE-2017-6918 MEDIUM POC PATCH This Month

CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Bigtree Cms
NVD GitHub
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-6917 MEDIUM POC PATCH This Month

CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Bigtree Cms
NVD GitHub
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-6916 MEDIUM POC PATCH This Month

CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Bigtree Cms
NVD GitHub
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-6915 MEDIUM POC PATCH This Month

CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Bigtree Cms
NVD GitHub
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-10168 HIGH PATCH This Week

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libgd
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-6852 HIGH PATCH This Week

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Jasper
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-6843 HIGH This Week

Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Podofo
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-6844 HIGH This Week

Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Podofo
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2015-8895 HIGH PATCH This Week

Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2017-6189 HIGH This Week

Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Kindle For Pc
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2017-5580 HIGH PATCH This Week

The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Virglrenderer
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2017-5583 MEDIUM This Month

The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2015-8896 MEDIUM PATCH This Month

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Linux Enterprise Linux Desktop Enterprise Linux Eus +4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2017-5578 MEDIUM PATCH This Month

Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
6.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy