Skip to main content
CVE-2017-9101 CRITICAL POC THREAT Emergency

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.0%.

RCE PHP File Upload Playsms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.0%
Threat
5.9
CVE-2017-9100 HIGH POC This Week

login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 600M Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
5.8%
CVE-2017-9119 CRITICAL POC Act Now

The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Clustered Data Ontap Storage Automation Store
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9024 HIGH POC This Week

Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cisco Secure Cisco Auditor
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
9.1%
CVE-2017-9046 HIGH POC This Week

winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Pegasus
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2017-7620 MEDIUM POC PATCH This Month

MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect CSRF PHP Mantisbt
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-9115 HIGH This Week

In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Openexr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.8%
CVE-2017-9113 HIGH This Week

In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Openexr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2017-9111 HIGH PATCH This Week

In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Openexr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-9133 HIGH This Week

An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Backhaul Radios Client Radios
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-9135 HIGH This Week

An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Backhaul Radios Client Radios
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-9138 HIGH This Week

There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Tenda F1200 Firmware Fh1202 Firmware F1202 Firmware
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2017-9117 MEDIUM POC This Month

In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libtiff Ubuntu Linux
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2017-9131 HIGH This Week

An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Backhaul Radios Client Radios
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2014-9970 HIGH PATCH This Week

jasypt before 1.9.2 allows a timing attack against the password hash comparison. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Jasypt
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-9134 HIGH This Week

An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Backhaul Radios Client Radios
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-9132 HIGH This Week

A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Backhaul Radios Client Radios
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-9136 HIGH This Week

An issue was discovered on Mimosa Client Radios before 2.2.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Backhaul Radios Client Radios
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-9137 HIGH This Week

Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fiberair Ip 10 Firmware
NVD
CVSS 3.0
7.3
EPSS
0.3%
CVE-2017-9112 MEDIUM PATCH This Month

In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Openexr
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2017-9114 MEDIUM This Month

In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openexr
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2017-9110 MEDIUM This Month

In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openexr
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-9116 MEDIUM This Month

In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openexr
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-9139 LOW Monitor

There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Tenda F1200 Firmware Fh1202 Firmware F1202 Firmware
NVD
CVSS 3.0
3.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy