Skip to main content
CVE-2017-8870 HIGH POC THREAT Act Now

Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 37.6%.

Buffer Overflow RCE Audiocoder
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
37.6%
Threat
4.2
CVE-2017-8869 HIGH POC THREAT Act Now

Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.4%.

Buffer Overflow RCE Mediacoder
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
35.4%
Threat
4.1
CVE-2016-0736 HIGH POC THREAT Act Now

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 41.7%.

Information Disclosure Apache Oracle Http Server Apache HTTP Server
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
41.7%
Threat
4.3
CVE-2016-2161 HIGH Act Now

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.2% and no vendor patch available.

Denial Of Service Memory Corruption Apache Http Server Apache HTTP Server
NVD
CVSS 3.0
7.5
EPSS
33.2%
CVE-2017-9614 HIGH POC This Week

The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libjpeg Turbo
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
4.3%
CVE-2017-11681 HIGH POC This Week

Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Hashtopussy
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-11678 HIGH POC This Week

SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hashtopus
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-11679 HIGH POC This Week

Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Hashtopus
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-11680 HIGH POC This Week

Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Hashtopussy
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-11684 HIGH POC This Week

There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libav
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-8743 HIGH PATCH This Week

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Http Server Clustered Data Ontap Oncommand Unified Manager +9
NVD
CVSS 3.1
7.5
EPSS
8.4%
CVE-2017-11675 HIGH This Week

The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP Zen Cart
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-10402 HIGH This Week

Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Antivirus
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2017-11665 HIGH This Week

The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-10399 HIGH This Week

Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sendio
NVD
CVSS 3.0
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy