Skip to main content
CVE-2017-9833 HIGH POC THREAT Act Now

/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 84.5%.

Path Traversal Boa
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
84.5%
Threat
5.5
CVE-2017-9848 CRITICAL Act Now

SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Easysite
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-9846 HIGH PATCH This Week

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP RCE Winmail Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2017-9832 MEDIUM PATCH This Month

An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Denial Of Service Libmtp
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2017-9831 MEDIUM PATCH This Month

An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Denial Of Service Libmtp
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2017-9847 MEDIUM PATCH This Month

The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Libtorrent
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9836 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Piwigo
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy