Skip to main content
CVE-2017-13708 CRITICAL POC THREAT Emergency

Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.7%.

Buffer Overflow RCE Vx Search
NVD
CVSS 3.0
9.8
EPSS
70.7%
Threat
5.6
CVE-2014-8676 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.9%.

Path Traversal Soplanning
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
81.9%
Threat
5.0
CVE-2015-5958 HIGH POC THREAT Act Now

phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 43.5%.

Command Injection Phpfilemanager
NVD
CVSS 3.1
8.8
EPSS
43.5%
Threat
4.6
CVE-2014-8675 HIGH POC THREAT Act Now

Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.0%.

Information Disclosure Soplanning
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
36.0%
Threat
4.1
CVE-2017-0899 CRITICAL POC PATCH Act Now

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rubygems Debian Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD GitHub
CVSS 3.0
9.8
EPSS
7.4%
CVE-2017-0901 HIGH POC PATCH THREAT Act Now

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.6%.

Path Traversal Rubygems Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
18.6%
CVE-2017-14064 CRITICAL POC PATCH Act Now

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Ruby Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-14076 CRITICAL POC Act Now

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14069 CRITICAL POC Act Now

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nexusphp
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-0900 HIGH POC PATCH THREAT Act Now

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

Denial Of Service Rubygems Debian Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD GitHub
CVSS 3.0
7.5
EPSS
11.2%
CVE-2017-0902 HIGH POC PATCH This Week

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Rubygems Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD GitHub
CVSS 3.0
8.1
EPSS
5.2%
CVE-2016-10509 HIGH POC PATCH This Week

SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Opencart
NVD GitHub
CVSS 3.0
7.2
EPSS
0.5%
CVE-2015-5695 MEDIUM POC PATCH This Month

Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Designate
NVD
CVSS 3.0
6.5
EPSS
2.4%
CVE-2017-13670 MEDIUM POC This Month

In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Blackcat Cms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2015-7711 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Atutor
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2016-10510 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kohana Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2017-7855 MEDIUM POC This Month

In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Server
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-14062 CRITICAL PATCH Act Now

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Libidn2 Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2015-7700 CRITICAL Act Now

Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pngcrush
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-14061 CRITICAL PATCH Act Now

Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Libidn2
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2014-8677 MEDIUM POC This Month

The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Soplanning
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
3.0%
CVE-2017-14050 HIGH This Week

In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Blackcat Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-14048 HIGH This Week

BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF PHP Blackcat Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-14063 HIGH PATCH This Week

Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Async Http Client
NVD GitHub
CVSS 3.0
7.5
EPSS
2.8%
CVE-2017-11158 HIGH This Week

Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Synology Microsoft Cloud Station Drive
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5795 HIGH This Week

An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XXE I Vu Sitescan Web Automatedlogic Webctrl
NVD
CVSS 3.0
7.3
EPSS
0.3%
CVE-2017-14058 MEDIUM PATCH This Month

In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2017-14059 MEDIUM PATCH This Month

In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-14057 MEDIUM PATCH This Month

In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-14056 MEDIUM PATCH This Month

In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-14055 MEDIUM PATCH This Month

In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-14054 MEDIUM PATCH This Month

In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-14060 MEDIUM PATCH This Month

In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-14070 MEDIUM This Month

Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nexusphp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-10508 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Phpthumb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1450 MEDIUM This Month

IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect IBM Emptoris Sourcing
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-1447 MEDIUM This Month

IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-14049 MEDIUM This Month

In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Blackcat Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-1444 MEDIUM This Month

IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-1449 MEDIUM This Month

IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect IBM Emptoris Sourcing
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2016-0713 MEDIUM This Month

Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Cf Release
NVD GitHub
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-14051 MEDIUM PATCH This Month

An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux Buffer Overflow Linux Kernel
NVD
CVSS 3.0
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy