Skip to main content
CVE-2017-11165 CRITICAL POC THREAT Emergency

dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.7%.

Information Disclosure Dt80 Dex Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
90.7%
Threat
6.2
CVE-2017-11167 CRITICAL POC Act Now

FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Finecms
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-2820 HIGH POC This Week

An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Poppler
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2017-11190 HIGH POC This Week

unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Unrar Free
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-2863 HIGH POC This Week

An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Infix
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-11178 HIGH POC This Week

In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Finecms
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-4053 CRITICAL PATCH Act Now

Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Advanced Threat Defense
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2017-11189 MEDIUM POC This Month

unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Unrar Free
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2016-8638 CRITICAL PATCH Act Now

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Ipsilon
NVD
CVSS 3.0
9.1
EPSS
7.1%
CVE-2017-4052 CRITICAL PATCH Act Now

Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Advanced Threat Defense
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-11187 CRITICAL Act Now

phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phpmyfaq
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11174 CRITICAL Act Now

In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Xoops
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-4054 HIGH PATCH This Week

Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Advanced Threat Defense
NVD
CVSS 3.0
8.8
EPSS
4.3%
CVE-2017-4057 HIGH PATCH This Week

Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Advanced Threat Defense
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-11196 HIGH This Week

Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pulse Connect Secure
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-11193 HIGH This Week

Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pulse Connect Secure
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-9844 HIGH This Week

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Denial Of Service Deserialization Java RCE +1
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2017-9845 HIGH This Week

disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver
NVD
CVSS 3.0
7.5
EPSS
4.2%
CVE-2017-2814 HIGH This Week

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Poppler
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2017-4055 HIGH PATCH This Week

Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Advanced Threat Defense
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-2818 HIGH This Week

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Poppler
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-9977 HIGH This Week

AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Anti Virus
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-11188 HIGH PATCH This Week

The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-9843 LOW POC Monitor

SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SAP Netweaver Abap
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2017-1285 MEDIUM PATCH This Month

IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-7678 MEDIUM PATCH This Month

In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Apache Spark
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2017-11195 MEDIUM This Month

Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pulse Connect Secure
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-1321 MEDIUM PATCH This Month

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-11194 MEDIUM This Month

Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pulse Connect Secure
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11180 MEDIUM This Month

FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11179 MEDIUM This Month

FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-8947 MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Emptoris Sourcing
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11182 MEDIUM This Month

In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2016-8948 MEDIUM PATCH This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-8946 MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-6114 MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-8950 MEDIUM This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-11181 MEDIUM This Month

In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8953 MEDIUM PATCH This Month

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy