Skip to main content
CVE-2017-11366 CRITICAL POC PATCH THREAT Act Now

components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.3%.

PHP Command Injection Codiad
NVD GitHub
CVSS 3.0
9.8
EPSS
34.3%
Threat
4.5
CVE-2017-12981 CRITICAL POC Act Now

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-12784 HIGH POC This Week

In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cc File Transfer
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-12984 MEDIUM POC This Month

PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.4%
CVE-2017-12980 MEDIUM POC This Month

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dokuwiki
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-12979 MEDIUM POC This Month

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dokuwiki
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-7420 CRITICAL Act Now

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Developer Enterprise Server Enterprise Server Monitor And Control
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-12983 HIGH PATCH This Week

Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-7423 HIGH This Week

A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enterprise Developer Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-5187 HIGH This Week

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Directory Server Enterprise Developer Enterprise Server Enterprise Server Monitor And Control
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-6329 HIGH This Week

Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Vip Access For Desktop
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-8037 HIGH This Week

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Capi Release Cf Release
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-12977 HIGH This Week

The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Photo Gallery
NVD GitHub
CVSS 3.0
7.2
EPSS
0.5%
CVE-2017-7424 MEDIUM This Month

A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Enterprise Developer Enterprise Server
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-7421 MEDIUM This Month

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Directory Server Enterprise Developer Enterprise Server Enterprise Server Monitor And Control
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-12982 MEDIUM PATCH This Month

The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Openjpeg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2017-7422 MEDIUM This Month

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise Developer Enterprise Server
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2017-12978 MEDIUM PATCH This Month

lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Cacti
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy