Skip to main content
CVE-2017-8782 MEDIUM POC This Month

The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Libming
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-9306 MEDIUM POC This Month

inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Syspass
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2017-9305 MEDIUM POC PATCH This Month

lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Tikiwiki Cms Groupware
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-8402 HIGH PATCH This Week

PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Pivotx
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-9304 HIGH PATCH This Week

libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Yara
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-5688 MEDIUM This Month

There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Intel Privilege Escalation Solid State Drive Toolbox
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-9307 MEDIUM This Month

SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Allen Disk
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-4897 MEDIUM PATCH This Month

VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

VMware Information Disclosure Horizon Daas
NVD
CVSS 3.0
5.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy