Skip to main content
CVE-2015-4181 HIGH POC THREAT Act Now

Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

Path Traversal PHP Phpmybackuppro
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
11.3%
CVE-2014-7858 CRITICAL Act Now

The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

D-Link Authentication Bypass Dnr 326 Firmware
NVD
CVSS 3.0
9.8
EPSS
14.0%
CVE-2014-7857 CRITICAL Act Now

D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.0% and no vendor patch available.

D-Link Authentication Bypass Dns 322L Firmware Dns 325 Firmware Dns 345 Firmware +4
NVD
CVSS 3.0
9.8
EPSS
12.0%
CVE-2014-7859 CRITICAL Act Now

Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.7% and no vendor patch available.

Buffer Overflow RCE D-Link Dns 322L Firmware Dns 320Lw Firmware +3
NVD
CVSS 3.0
9.8
EPSS
11.7%
CVE-2017-9650 HIGH POC This Week

An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior;. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload I Vu Sitescan Web Automatedlogic Webctrl
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.4%
CVE-2017-9640 MEDIUM POC This Month

A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal I Vu Sitescan Web Automatedlogic Webctrl
NVD Exploit-DB
CVSS 3.0
6.3
EPSS
6.0%
CVE-2017-9644 HIGH POC This Week

An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

RCE I Vu Sitescan Web Automatedlogic Webctrl
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
1.5%
CVE-2015-1325 HIGH POC PATCH This Week

Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and. Rated high severity (CVSS 7.0). Public exploit code available.

Ubuntu Race Condition Information Disclosure Ubuntu Linux
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
0.4%
CVE-2017-12707 CRITICAL Act Now

A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Scada Microbrowser
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-12816 CRITICAL Act Now

In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Internet Security
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2017-12857 HIGH This Week

Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unified Communications Software
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-7926 HIGH This Week

A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pi Web Api
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-12703 HIGH This Week

A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mrd 305 Din Firmware Mrd 315 Din Firmware Mrd 355 Din Firmware Mrd 455 Din Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-12694 HIGH This Week

A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Scada Web Server
NVD
CVSS 3.0
7.5
EPSS
5.3%
CVE-2015-3206 HIGH PATCH This Week

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Denial Of Service Python Authentication Bypass Pykerberos
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2015-1395 HIGH PATCH This Week

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Fedora Ubuntu Linux Patch
NVD
CVSS 3.0
7.5
EPSS
3.7%
CVE-2015-1324 HIGH PATCH This Week

Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Ubuntu Privilege Escalation Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-4180 HIGH This Week

Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Phpmybackuppro
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-13692 HIGH PATCH This Week

In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Tidy
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5816 HIGH This Week

A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mrd 305 Din Firmware Mrd 315 Din Firmware Mrd 355 Din Firmware Mrd 455 Din Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-12817 HIGH This Week

In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Internet Security
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2015-4017 HIGH PATCH This Week

Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Splunk Information Disclosure Salt
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-7930 HIGH This Week

An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Pi Data Archive
NVD
CVSS 3.0
7.4
EPSS
0.6%
CVE-2017-13697 MEDIUM This Month

controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-3257 MEDIUM PATCH This Month

Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Open Redirect Diactoros
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2014-9564 MEDIUM This Month

CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Ib6131 Firmware En6131 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-5701 MEDIUM PATCH This Month

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Information Disclosure Texlive
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2015-5700 MEDIUM PATCH This Month

mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Information Disclosure Texlive
NVD
CVSS 3.0
6.1
EPSS
0.0%
CVE-2017-7934 MEDIUM This Month

An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Pi Data Archive
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2014-9637 MEDIUM PATCH This Month

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Fedora Mageia Ubuntu Linux Patch
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-13694 MEDIUM PATCH This Month

The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-3211 MEDIUM This Month

php-fpm allows local users to write to or create arbitrary files via a symlink attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Php Fpm
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-13693 MEDIUM PATCH This Month

The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-13695 MEDIUM PATCH This Month

The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2014-7860 MEDIUM This Month

The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link PHP Information Disclosure Dns 327L Firmware Dns 320L Firmware
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-12709 MEDIUM This Month

A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Mrd 305 Din Firmware Mrd 315 Din Firmware Mrd 355 Din Firmware Mrd 455 Din Firmware
NVD
CVSS 3.0
5.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy