Skip to main content
CVE-2015-8351 CRITICAL POC THREAT Emergency

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 69.4%.

Path Traversal Code Injection RCE PHP WordPress +1
NVD Exploit-DB
CVSS 3.0
9.0
EPSS
69.4%
Threat
5.4
CVE-2015-4523 CRITICAL POC Act Now

Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files,. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Privilege Escalation Malware Analysis Appliance Malware Analyzer G2
NVD Exploit-DB
CVSS 3.0
9.3
EPSS
5.5%
CVE-2017-14269 CRITICAL POC Act Now

EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 4Gee Wifi Mbb Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-14252 CRITICAL POC Act Now

SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14247 CRITICAL POC Act Now

SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14251 HIGH POC PATCH This Week

Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Typo3
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2017-14263 HIGH Act Now

Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 24.4% and no vendor patch available.

Session Fixation Honeywell Information Disclosure Enterprise Dvr Firmware Maxpro Nvr Hybrid Se Firmware +5
NVD GitHub
CVSS 3.0
8.1
EPSS
24.4%
CVE-2017-14267 HIGH POC This Week

EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF 4Gee Wifi Mbb Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-14262 HIGH Act Now

On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.0% and no vendor patch available.

Samsung Information Disclosure Srn 1670D Firmware Srn 1000 Firmware Srn 472S Firmware +1
NVD GitHub
CVSS 3.0
8.1
EPSS
21.0%
CVE-2015-9227 HIGH POC This Week

PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Alegrocart
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
4.4%
CVE-2015-8349 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Sourcebans
NVD
CVSS 3.0
6.1
EPSS
9.8%
CVE-2017-14258 HIGH POC This Week

In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Bento4
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-14260 HIGH POC This Week

In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Bento4
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-14259 HIGH POC This Week

In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Bento4
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-14261 HIGH POC This Week

In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-14257 HIGH POC This Week

In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp contains a Read Memory Access Violation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-14153 HIGH POC This Week

This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Windriver
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-14075 HIGH POC This Week

This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Windriver
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2015-9226 HIGH POC This Week

Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Alegrocart
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
1.7%
CVE-2017-7650 MEDIUM POC PATCH This Month

In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Mosquitto Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2015-8354 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Ultimate Member
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2015-8353 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Role Scoper
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14268 MEDIUM POC This Month

EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 4Gee Wifi Mbb Firmware
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-8350 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Call To Action
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-4689 CRITICAL Act Now

Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Banner Student
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-14265 CRITICAL PATCH Act Now

A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Libraw
NVD GitHub
CVSS 3.0
9.8
EPSS
0.9%
CVE-2015-7877 CRITICAL PATCH Act Now

Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi User Dashboard
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-7649 CRITICAL Act Now

The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kura
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14242 CRITICAL PATCH Act Now

SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-14238 CRITICAL PATCH Act Now

SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-14312 HIGH This Week

Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nagios Core
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14301 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14300 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14299 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14298 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14297 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14296 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14295 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14294 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14293 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14292 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14291 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14290 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14289 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14288 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14287 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14286 HIGH This Week

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Stdu Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14275 HIGH This Week

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV near NULL starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Microsoft Denial Of Service Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14274 HIGH This Week

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Microsoft Denial Of Service Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14273 HIGH This Week

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Microsoft Denial Of Service Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy