Skip to main content
CVE-2017-8870 HIGH POC THREAT Act Now

Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 37.6%.

Buffer Overflow RCE Audiocoder
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
37.6%
Threat
4.2
CVE-2017-8869 HIGH POC THREAT Act Now

Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.4%.

Buffer Overflow RCE Mediacoder
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
35.4%
Threat
4.1
CVE-2016-0736 HIGH POC THREAT Act Now

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 41.7%.

Information Disclosure Apache Oracle Http Server Apache HTTP Server
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
41.7%
Threat
4.3
CVE-2017-11673 CRITICAL POC Act Now

Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Web Vulnerability Scanner
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2016-2161 HIGH Act Now

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.2% and no vendor patch available.

Denial Of Service Memory Corruption Apache Http Server Apache HTTP Server
NVD
CVSS 3.0
7.5
EPSS
33.2%
CVE-2017-9614 HIGH POC This Week

The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libjpeg Turbo
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
4.3%
CVE-2017-11681 HIGH POC This Week

Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Hashtopussy
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-11678 HIGH POC This Week

SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hashtopus
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-11679 HIGH POC This Week

Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Hashtopus
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-11680 HIGH POC This Week

Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Hashtopussy
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-11684 HIGH POC This Week

There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libav
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-11686 MEDIUM POC This Month

Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Eventlog Analyzer
NVD
CVSS 3.0
6.1
EPSS
1.7%
CVE-2017-9259 MEDIUM POC This Month

The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Soundtouch
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.6%
CVE-2017-11687 MEDIUM POC This Month

Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Eventlog Analyzer
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-11685 MEDIUM POC This Month

Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Eventlog Analyzer
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-11677 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hashtopus
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11682 MEDIUM POC This Month

Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hashtopolis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-9260 MEDIUM POC This Month

The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Soundtouch
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.2%
CVE-2017-9412 MEDIUM POC This Month

The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Lame
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
2.5%
CVE-2017-9258 MEDIUM POC This Month

The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Soundtouch
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
2.4%
CVE-2017-9545 MEDIUM POC This Month

The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Mpg123
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2017-11674 MEDIUM POC This Month

Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application crash) via a malformed PRE file, related to a "Read Access Violation starting at reporter!madTraceProcess.". Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Web Vulnerability Scanner
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-11691 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Cacti
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2016-8743 HIGH PATCH This Week

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Http Server Clustered Data Ontap Oncommand Unified Manager +9
NVD
CVSS 3.1
7.5
EPSS
8.4%
CVE-2017-11675 HIGH This Week

The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP Zen Cart
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-10402 HIGH This Week

Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Antivirus
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2017-11665 HIGH This Week

The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-10399 HIGH This Week

Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sendio
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-11683 MEDIUM This Month

There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Exiv2 Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy