Skip to main content
CVE-2017-7253 HIGH POC This Week

Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dahua Ip Camera Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-7323 HIGH POC This Week

The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Modx Revolution
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2017-6412 HIGH POC This Week

In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Session Fixation Sophos Information Disclosure Web Appliance
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
0.8%
CVE-2017-7322 HIGH POC This Week

The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Modx Revolution
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2017-7290 HIGH POC This Week

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Xoops
NVD GitHub
CVSS 3.0
7.2
EPSS
0.6%
CVE-2014-9825 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9824 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9823 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9822 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9821 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9820 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9819 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9817 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-6183 HIGH This Week

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Web Appliance
NVD
CVSS 3.0
7.2
EPSS
3.0%
CVE-2014-9804 HIGH PATCH This Week

vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2017-5185 HIGH This Week

A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sentinel
NVD
CVSS 3.0
7.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy