Skip to main content
CVE-2017-8303 CRITICAL POC Act Now

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Transfer Appliance
NVD GitHub
CVSS 3.1
9.8
EPSS
9.6%
CVE-2017-8794 CRITICAL POC Act Now

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF File Transfer Appliance
NVD GitHub
CVSS 3.0
10.0
EPSS
0.3%
CVE-2017-8786 CRITICAL POC PATCH Act Now

pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Pcre2
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-8790 CRITICAL POC Act Now

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LDAP Code Injection File Transfer Appliance
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-8796 CRITICAL POC Act Now

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP File Transfer Appliance
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-8789 CRITICAL POC Act Now

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP File Transfer Appliance
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8793 HIGH POC This Week

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Transfer Appliance
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-8760 MEDIUM POC This Month

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Transfer Appliance
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2017-8304 MEDIUM POC This Month

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Transfer Appliance
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-8795 MEDIUM POC This Month

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Transfer Appliance
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-8792 MEDIUM POC This Month

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Transfer Appliance
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-8791 MEDIUM POC This Month

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure File Transfer Appliance
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-8788 MEDIUM POC This Month

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure File Transfer Appliance
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-8799 CRITICAL PATCH Act Now

Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Irods
NVD GitHub
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-8080 HIGH PATCH This Week

Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE Atlassian File Upload Hipchat Server
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2017-1156 HIGH PATCH This Week

IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect IBM Websphere Portal
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-8787 HIGH This Week

The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Podofo
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-6557 HIGH This Week

SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Arrayos
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-9692 HIGH PATCH This Week

IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Websphere Cast Iron Solution
NVD
CVSS 3.0
8.6
EPSS
0.9%
CVE-2016-9691 HIGH PATCH This Week

IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Websphere Cast Iron Solution
NVD
CVSS 3.0
8.6
EPSS
0.3%
CVE-2017-8059 HIGH This Week

Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Foxit Pdf
NVD
CVSS 3.0
8.1
EPSS
0.0%
CVE-2017-8801 MEDIUM This Month

Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Officescan
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-0255 MEDIUM PATCH This Month

IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Marketing Platform
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-3213 MEDIUM This Month

The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Think Mutual Bank Mobile Banking App
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-3212 MEDIUM This Month

The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure Space Coast Credit Union
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2017-5919 MEDIUM This Month

The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure 21St Century Insurance
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-5918 MEDIUM This Month

The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Bcr Movil
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-5916 MEDIUM This Month

The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure America S First Fcu Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-5915 MEDIUM This Month

The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Emirates Nbd Emirates Nbd Ksa
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-5914 MEDIUM This Month

The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Banque Zitouna
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2017-5913 MEDIUM This Month

The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Tradeking Forex
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-5912 MEDIUM This Month

The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Forextrader
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-5911 MEDIUM This Month

The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Supermovil
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-5909 MEDIUM This Month

The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Efs Mobile Driver Source
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-5907 MEDIUM This Month

The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Great Southern Mobile Banking
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-5906 MEDIUM This Month

The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Diabetes In Check
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-5905 MEDIUM This Month

The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Dollar Bank Mobile
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2017-5902 MEDIUM This Month

The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Mypayquicker
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2017-5901 MEDIUM This Month

The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure State Bank Anywhere
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-8060 MEDIUM This Month

Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Panda Mobile Security
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2017-8058 MEDIUM This Month

Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Atlassian Information Disclosure Hipchat
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2016-8916 MEDIUM PATCH This Month

IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6877 MEDIUM This Month

Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.0
5.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy