Skip to main content
CVE-2015-8352 CRITICAL POC PATCH THREAT Act Now

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.5%.

Path Traversal PHP Zen Cart
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
38.5%
Threat
4.6
CVE-2015-7259 HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 33.3%.

Zte Authentication Bypass Zxv10 W300 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
33.3%
Threat
4.3
CVE-2015-7258 HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 32.6%.

Zte Authentication Bypass Zxv10 W300 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
32.6%
Threat
4.2
CVE-2015-7257 HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 16.7%.

Zte Information Disclosure Zxv10 W300 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
16.7%
CVE-2017-13669 CRITICAL POC Act Now

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-12679 CRITICAL POC Act Now

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2015-7896 MEDIUM POC THREAT This Month

LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Buffer Overflow Denial Of Service Samsung Samsung Mobile
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
12.4%
CVE-2015-8355 HIGH POC This Week

Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bitrix
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-12836 HIGH POC PATCH This Week

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Cvs Ubuntu Linux Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.7%
CVE-2015-4699 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Splash Portal
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-1801 CRITICAL Act Now

The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Samsung Galaxy S4 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2014-4616 MEDIUM POC PATCH This Month

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Python Simplejson Opensuse
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2017-13666 MEDIUM POC This Month

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service X265
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-12134 HIGH PATCH This Week

The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information,. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Xenserver
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-12135 HIGH PATCH This Week

Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Xen Xenserver Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-12137 HIGH PATCH This Week

arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Xen Xenserver Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2015-7516 HIGH PATCH This Week

ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Onos
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2015-8308 HIGH This Week

LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Lxdm
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-1800 HIGH This Week

The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Galaxy S4 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2017-13686 HIGH PATCH This Week

net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0805 HIGH PATCH This Week

A elevation of privilege vulnerability in the Android media framework (libstagefright). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-12136 HIGH PATCH This Week

Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the. Rated high severity (CVSS 7.8).

Denial Of Service Race Condition Xen Xenserver Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9512 HIGH This Week

The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Crucible Fisheye
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2017-9511 HIGH This Week

The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Atlassian Crucible Fisheye
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2017-11424 HIGH PATCH This Week

In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pyjwt Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-13658 MEDIUM PATCH This Month

In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12074 MEDIUM This Month

Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Dns Server
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-13671 MEDIUM PATCH This Month

app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Misp
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-5293 MEDIUM This Month

Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Red Hat Enterprise Virtualization Manager
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2015-5146 MEDIUM This Month

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Fedora Debian Linux Ntp
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2017-12879 MEDIUM This Month

Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Prtg Network Monitor
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-9510 MEDIUM This Month

The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Fisheye
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-9509 MEDIUM This Month

The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian File Upload Crucible Fisheye
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-9507 MEDIUM This Month

The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Crucible Fisheye
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-9555 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology PHP Photo Station
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-9508 MEDIUM This Month

Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Crucible Fisheye
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy