Skip to main content
CVE-2017-6320 HIGH POC THREAT Act Now

A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.

Barracuda Command Injection Load Balancer Adc
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
28.6%
Threat
4.1
CVE-2017-11420 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

Buffer Overflow RCE Rt Ac5300 Firmware Rt Ac1900P Firmware Rt Ac68U Firmware +25
NVD
CVSS 3.0
9.8
EPSS
17.7%
Threat
4.0
CVE-2017-11419 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11418 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i]. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11417 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11416 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11415 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11414 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11413 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11412 CRITICAL PATCH Act Now

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Fiyo Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-11403 HIGH PATCH This Week

The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Graphicsmagick
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2017-1318 HIGH This Week

IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Mq Appliance
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-11405 MEDIUM POC This Month

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Cms Made Simple
NVD
CVSS 3.0
4.9
EPSS
0.2%
CVE-2017-11404 MEDIUM POC This Month

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Cms Made Simple
NVD
CVSS 3.0
4.9
EPSS
0.2%
CVE-2017-7506 HIGH This Week

spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Spice
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-10961 HIGH This Week

REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF File Upload Redcap
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-10708 HIGH This Week

An issue was discovered in Apport through 2.20.x. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Apport
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2017-11421 HIGH PATCH This Week

gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Gnome Exe Thumbnailer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11409 HIGH PATCH This Week

In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2017-11407 HIGH PATCH This Week

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2017-11406 HIGH PATCH This Week

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-11408 HIGH PATCH This Week

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-11411 HIGH PATCH This Week

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-11410 HIGH PATCH This Week

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-10962 MEDIUM This Month

REDCap before 7.5.1 has XSS via the query string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Redcap
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11423 MEDIUM This Month

The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libmspack
NVD GitHub
CVSS 3.0
5.5
EPSS
2.8%
CVE-2017-5247 MEDIUM This Month

Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secure File Transfer
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-5246 MEDIUM This Month

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Secure File Transfer
NVD
CVSS 3.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy