Skip to main content
CVE-2016-1713 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 61.9%.

RCE PHP File Upload Vtiger Crm
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
61.9%
Threat
4.8
CVE-2017-7455 HIGH POC THREAT Act Now

Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 40.0%.

Information Disclosure Mxview
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
40.0%
Threat
4.2
CVE-2016-5312 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.0%.

Path Traversal Messaging Gateway
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
40.0%
Threat
4.0
CVE-2017-6554 HIGH POC THREAT Act Now

pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.9%.

RCE Privilege Manager
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
23.9%
CVE-2015-6568 HIGH POC PATCH THREAT Act Now

Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%.

RCE PHP Wolf Cms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
11.9%
CVE-2015-6567 HIGH POC PATCH This Week

Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP File Upload Wolf Cms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
5.9%
CVE-2017-7456 HIGH POC THREAT Act Now

Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.5%.

Denial Of Service Mxview
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
10.5%
CVE-2017-7877 HIGH POC This Week

CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flatcore Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2015-8356 HIGH POC This Week

Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bitrix
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
2.6%
CVE-2016-0727 HIGH POC PATCH This Week

The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Ubuntu Privilege Escalation Ubuntu Linux
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.9%
CVE-2017-7643 HIGH POC This Week

Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Proxifier
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-7690 HIGH POC This Week

Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Proxifier
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-6299 HIGH POC PATCH This Week

The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Fedora Scm Plugin
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5309 MEDIUM POC This Month

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Information Disclosure Symantec Data Center Security Server +14
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
8.0%
CVE-2016-5310 MEDIUM POC This Month

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Microsoft Denial Of Service Symantec Data Center Security Server +14
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
8.0%
CVE-2017-7857 CRITICAL PATCH Act Now

FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Freetype
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2017-7858 CRITICAL PATCH Act Now

FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Freetype
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-7864 CRITICAL PATCH Act Now

FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Freetype
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-7865 CRITICAL PATCH Act Now

FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Ffmpeg Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2017-7863 CRITICAL PATCH Act Now

FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Ffmpeg Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2017-7856 CRITICAL PATCH Act Now

LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Libreoffice
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2017-7871 MEDIUM POC PATCH This Month

trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Tdm
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7862 CRITICAL PATCH Act Now

FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Ffmpeg
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-7866 CRITICAL PATCH Act Now

FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Ffmpeg
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2017-7860 CRITICAL PATCH Act Now

Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Google Grpc
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2017-7861 CRITICAL PATCH Act Now

Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Google Grpc
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2017-7870 CRITICAL PATCH Act Now

LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Libreoffice
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-7859 CRITICAL Act Now

FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ffmpeg
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2016-10328 CRITICAL PATCH Act Now

FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Freetype Outside In Technology
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2017-7875 CRITICAL PATCH Act Now

In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Feh
NVD GitHub
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-10327 CRITICAL PATCH Act Now

LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Libreoffice
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-7878 CRITICAL PATCH Act Now

SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Flatcore Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-4889 HIGH This Week

ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zoho Servicedesk Plus
NVD
CVSS 3.0
8.8
EPSS
4.3%
CVE-2017-7188 MEDIUM POC This Month

Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zurmo Crm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2017-7357 CRITICAL PATCH Act Now

Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Hipchat Server
NVD
CVSS 3.0
9.1
EPSS
2.2%
CVE-2017-7457 MEDIUM POC This Month

XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XXE Mx Aopc Server
NVD Exploit-DB
CVSS 3.0
5.0
EPSS
0.5%
CVE-2017-7717 HIGH This Week

SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2017-1205 HIGH PATCH This Week

IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

IBM Privilege Escalation Spectrum Lsf
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2016-7051 HIGH PATCH This Week

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Jackson Dataformat Xml
NVD GitHub
CVSS 3.1
8.6
EPSS
0.9%
CVE-2016-6489 HIGH PATCH This Week

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server Enterprise Linux Workstation +2
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2016-8602 HIGH PATCH This Week

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service RCE Ghostscript
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2017-7868 HIGH PATCH This Week

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption International Components For Unicode Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2017-7696 HIGH This Week

SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Java Sso Authentication Library
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2017-7218 HIGH This Week

The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-3104 HIGH This Week

mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2017-7867 HIGH PATCH This Week

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption International Components For Unicode Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-7869 HIGH PATCH This Week

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Gnutls
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-7408 HIGH This Week

Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Traps
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-7879 HIGH PATCH This Week

SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Flatcore Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-7032 HIGH This Week

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Sudo
NVD
CVSS 3.0
7.0
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy