Skip to main content
CVE-2017-9442 HIGH POC This Week

BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Bigtree Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2017-8841 HIGH POC This Week

Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal B305Hw2 Firmware 380Hw6 Firmware 580Hw2 Firmware 710Hw3 Firmware +2
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
4.5%
CVE-2017-8836 HIGH POC This Week

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF B305Hw2 Firmware 380Hw6 Firmware 580Hw2 Firmware 710Hw3 Firmware +2
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-9443 HIGH POC This Week

BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bigtree Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2017-8438 HIGH PATCH This Week

Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Elastic Privilege Escalation X Pack
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-9437 HIGH This Week

Openbravo Business Suite 3.0 is affected by SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Openbravo Erp
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-9444 HIGH PATCH This Week

BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages),. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Bigtree Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-1000368 HIGH This Week

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sudo
NVD
CVSS 3.0
8.2
EPSS
0.1%
CVE-2017-9438 HIGH PATCH This Week

libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Yara
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-7669 HIGH PATCH This Week

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Docker Apache Information Disclosure Hadoop
NVD
CVSS 3.0
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy