Skip to main content
CVE-2017-12585 HIGH POC This Week

SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Akasia
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-12584 HIGH POC This Week

There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Senayan Library Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-10677 HIGH POC This Week

Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Linksys Ea4500 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-12581 HIGH POC PATCH This Week

GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Node.js Google Command Injection Electron Chrome
NVD
CVSS 3.0
8.1
EPSS
2.3%
CVE-2017-12586 MEDIUM POC This Month

SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Akasia
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-12583 MEDIUM POC This Month

DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dokuwiki
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2017-12588 CRITICAL PATCH Act Now

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rsyslog
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-12587 HIGH PATCH This Week

ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-12480 HIGH This Week

Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan horse dwmapi.dll or profapi.dll file in an AppData\Local\Temp directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sandboxie Installer
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-12568 HIGH This Week

Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dcp J132W Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy