Skip to main content
CVE-2017-7918 MEDIUM POC THREAT This Month

An Improper Access Control issue was discovered in Cambium Networks ePMP. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.2%.

Authentication Bypass Epmp 1000 Firmware Epmp Elevate Firmware Epmp 2000 Firmware Epmp 1000 Hotspot Firmware
NVD
CVSS 3.0
6.8
EPSS
42.2%
Threat
4.1
CVE-2017-7922 HIGH POC THREAT Act Now

An Improper Privilege Management issue was discovered in Cambium Networks ePMP. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 38.1%.

Privilege Escalation Epmp 1000 Firmware Epmp Elevate Firmware Epmp 2000 Firmware Epmp 1000 Hotspot Firmware
NVD
CVSS 3.0
7.6
EPSS
38.1%
Threat
4.2
CVE-2017-2805 CRITICAL POC Act Now

An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption C1 Hd Indoor Camera Firmware
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2017-2828 HIGH POC This Week

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2017-2827 HIGH POC This Week

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2017-2831 HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2017-2830 HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2017-2829 MEDIUM POC This Month

An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal C1 Indoor Hd Camera Firmware
NVD
CVSS 3.1
6.5
EPSS
5.4%
CVE-2016-7508 HIGH POC This Week

Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

SQLi Glpi
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-4989 CRITICAL Act Now

In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Avamar Server
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2017-9781 MEDIUM POC This Month

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Check Mk
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-4990 CRITICAL Act Now

In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avamar Server
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-6050 CRITICAL Act Now

A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Integraxor
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-9771 CRITICAL PATCH Act Now

install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Websitebaker
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-8731 CRITICAL Act Now

Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass C1 Webcam Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2017-9130 MEDIUM POC This Month

The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Freeware Advanced Audio Coder
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
1.1%
CVE-2017-9129 MEDIUM POC This Month

The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (large loop) via a crafted wav file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Freeware Advanced Audio Coder
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
0.8%
CVE-2017-9774 HIGH This Week

Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Horde Image Api
NVD
CVSS 3.0
8.8
EPSS
4.2%
CVE-2017-2813 HIGH This Week

An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Irfanview
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-3219 HIGH This Week

Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure True Image
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-3218 HIGH This Week

Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Magician
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2017-9780 HIGH PATCH This Week

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Flatpak Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9766 HIGH PATCH This Week

In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-6043 HIGH PATCH This Week

A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Vtscada
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-6045 HIGH PATCH This Week

An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Vtscada
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-4988 HIGH This Week

EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Isilon Onefs
NVD
CVSS 3.0
7.2
EPSS
0.5%
CVE-2017-1304 MEDIUM This Month

IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service IBM Elastic Elastic Storage Server
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2017-6053 MEDIUM PATCH This Month

A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Vtscada
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9773 MEDIUM This Month

Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Horde Image
NVD
CVSS 3.0
5.7
EPSS
0.1%
CVE-2017-9782 MEDIUM PATCH This Month

JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Jasper
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-9778 MEDIUM This Month

GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gdb
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-1117 MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy