Skip to main content
CVE-2017-8917 CRITICAL POC PATCH THREAT Act Now

SQL injection vulnerability in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.5%.

SQLi Joomla
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
94.5%
Threat
6.3
CVE-2017-9026 CRITICAL POC Act Now

Stack buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Trip Mate 6 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-5215 CRITICAL POC Act Now

The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE B2J Contact
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-3403 HIGH POC PATCH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Zimbra Collaboration Suite
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-4011 MEDIUM POC THREAT This Month

Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.9%.

XSS Network Data Loss Prevention
NVD
CVSS 3.0
6.1
EPSS
10.9%
CVE-2017-9030 HIGH POC This Week

The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal B2J Contact
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-8422 HIGH POC PATCH This Week

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Kauth Kdelibs
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-8849 HIGH POC PATCH This Week

smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Smb4K Debian Linux
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-5214 HIGH POC This Week

The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE B2J Contact
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-9025 MEDIUM POC This Month

Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Trip Mate 6 Firmware
NVD
CVSS 3.0
6.5
EPSS
3.9%
CVE-2017-9031 CRITICAL PATCH Act Now

The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Deluge
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-4014 HIGH This Week

Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Network Data Loss Prevention
NVD
CVSS 3.0
8.0
EPSS
0.4%
CVE-2017-7493 HIGH PATCH This Week

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Qemu Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-4012 MEDIUM This Month

Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Network Data Loss Prevention
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2015-3998 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Adsense Click Fraud Monitoring Phpwhois
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-4070 MEDIUM This Month

Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect WordPress PHP Wow Moodboard Lite
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-10374 MEDIUM This Month

perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Perltidy
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2017-4013 MEDIUM This Month

Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-4017 MEDIUM This Month

User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-4016 MEDIUM This Month

Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-4015 MEDIUM This Month

Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Network Data Loss Prevention
NVD
CVSS 3.1
4.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy