Skip to main content
CVE-2017-5631 MEDIUM POC THREAT This Month

An issue was discovered in KMCIS CaseAware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.3%.

XSS PHP Caseaware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
25.3%
CVE-2017-8401 MEDIUM POC This Month

In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Swftools
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-8374 MEDIUM POC This Month

The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Mad Libmad
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-8376 MEDIUM POC PATCH This Month

GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Genixcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-8388 MEDIUM POC PATCH This Month

GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Genixcms
NVD GitHub
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-8372 MEDIUM POC This Month

The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Mad Libmad
NVD
CVSS 3.0
4.7
EPSS
0.4%
CVE-2017-6564 MEDIUM This Month

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ts 550 Evo Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-8384 MEDIUM PATCH This Month

Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Craft Cms
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-10350 MEDIUM PATCH This Month

The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Libarchive
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2016-10349 MEDIUM PATCH This Month

The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Libarchive
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2016-10351 MEDIUM PATCH This Month

Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Telegram Desktop
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-8383 MEDIUM PATCH This Month

Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Craft Cms
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-8385 MEDIUM PATCH This Month

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Craft Cms
NVD
CVSS 3.0
5.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy