Skip to main content
CVE-2017-7391 MEDIUM POC PATCH This Month

A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Magmi
NVD GitHub
CVSS 3.0
6.1
EPSS
8.9%
CVE-2017-7387 MEDIUM POC This Month

TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Helpmewatchwho
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7386 MEDIUM POC This Month

citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Symetrie
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7389 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Openeclass
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-7388 MEDIUM POC This Month

A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wallacepos
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-7393 HIGH PATCH This Week

In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Tigervnc
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-7394 HIGH PATCH This Week

In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Tigervnc
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-7392 HIGH PATCH This Week

In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tigervnc
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-7396 HIGH PATCH This Week

In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tigervnc
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-7395 MEDIUM PATCH This Month

In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Denial Of Service Tigervnc
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-7390 MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Socialnetwork
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy