Skip to main content
CVE-2017-9544 CRITICAL POC THREAT Emergency

There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 79.6%.

Buffer Overflow Memory Corruption RCE Easy Chat Server
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
79.6%
Threat
5.8
CVE-2017-9418 HIGH POC This Week

SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Testimonials Plugin Easy Testimonials
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-9124 MEDIUM POC This Month

The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libquicktime
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
7.6%
CVE-2017-9122 MEDIUM POC This Month

The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libquicktime
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
6.8%
CVE-2017-9557 HIGH POC This Week

register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Easy Chat Server
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-9543 HIGH POC This Week

register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Easy Chat Server
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2017-9128 MEDIUM POC This Month

The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libquicktime
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.9%
CVE-2017-9127 MEDIUM POC This Month

The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libquicktime
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.9%
CVE-2017-9126 MEDIUM POC This Month

The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libquicktime
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.9%
CVE-2017-9125 MEDIUM POC This Month

The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libquicktime
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.9%
CVE-2017-9123 MEDIUM POC This Month

The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libquicktime
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.9%
CVE-2017-8871 MEDIUM POC This Month

The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libcroco Leap
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
1.7%
CVE-2017-8834 MEDIUM POC This Month

The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libcroco Leap
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2015-9096 MEDIUM POC PATCH This Month

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Ruby
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2015-9097 MEDIUM POC PATCH This Month

The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Mail
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2014-9984 CRITICAL PATCH Act Now

nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Glibc
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-9324 HIGH This Week

In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Otrs Debian Linux
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2017-6892 HIGH PATCH This Week

In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libsndfile
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-7667 HIGH PATCH This Week

Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Nifi
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-7665 MEDIUM PATCH This Month

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Nifi
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2017-1214 MEDIUM PATCH This Month

IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Inotes
NVD
CVSS 3.0
5.7
EPSS
0.4%
CVE-2017-9546 MEDIUM PATCH This Month

admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Denial Of Service PHP Bigtree Cms
NVD GitHub
CVSS 3.0
5.7
EPSS
0.4%
CVE-2017-1276 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation Rational Requirements Composer
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1247 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation Rational Requirements Composer
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1278 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation Rational Requirements Composer
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-9548 MEDIUM PATCH This Month

admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Bigtree Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-9547 MEDIUM PATCH This Month

admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Bigtree Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy