Skip to main content
CVE-2016-1713 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 61.9%.

RCE PHP File Upload Vtiger Crm
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
61.9%
Threat
4.8
CVE-2017-7455 HIGH POC THREAT Act Now

Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 40.0%.

Information Disclosure Mxview
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
40.0%
Threat
4.2
CVE-2017-6554 HIGH POC THREAT Act Now

pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.9%.

RCE Privilege Manager
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
23.9%
CVE-2015-6568 HIGH POC PATCH THREAT Act Now

Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%.

RCE PHP Wolf Cms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
11.9%
CVE-2015-6567 HIGH POC PATCH This Week

Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP File Upload Wolf Cms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
5.9%
CVE-2017-7456 HIGH POC THREAT Act Now

Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.5%.

Denial Of Service Mxview
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
10.5%
CVE-2017-7877 HIGH POC This Week

CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flatcore Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2015-8356 HIGH POC This Week

Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bitrix
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
2.6%
CVE-2016-0727 HIGH POC PATCH This Week

The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Ubuntu Privilege Escalation Ubuntu Linux
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.9%
CVE-2017-7643 HIGH POC This Week

Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Proxifier
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-7690 HIGH POC This Week

Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Proxifier
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-6299 HIGH POC PATCH This Week

The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Fedora Scm Plugin
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-4889 HIGH This Week

ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zoho Servicedesk Plus
NVD
CVSS 3.0
8.8
EPSS
4.3%
CVE-2017-7717 HIGH This Week

SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2017-1205 HIGH PATCH This Week

IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

IBM Privilege Escalation Spectrum Lsf
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2016-7051 HIGH PATCH This Week

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Jackson Dataformat Xml
NVD GitHub
CVSS 3.1
8.6
EPSS
0.9%
CVE-2016-6489 HIGH PATCH This Week

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server Enterprise Linux Workstation +2
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2016-8602 HIGH PATCH This Week

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service RCE Ghostscript
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2017-7868 HIGH PATCH This Week

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption International Components For Unicode Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2017-7696 HIGH This Week

SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Java Sso Authentication Library
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2017-7218 HIGH This Week

The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-3104 HIGH This Week

mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2017-7867 HIGH PATCH This Week

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption International Components For Unicode Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-7869 HIGH PATCH This Week

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Gnutls
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-7408 HIGH This Week

Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Traps
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-7879 HIGH PATCH This Week

SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Flatcore Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-7032 HIGH This Week

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Sudo
NVD
CVSS 3.0
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy