Skip to main content
CVE-2017-12615 HIGH POC KEV PATCH THREAT Act Now

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.

Apache Microsoft Tomcat File Upload
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
94.2%
Threat
7.4
CVE-2017-14143 CRITICAL POC THREAT Emergency

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.4%.

Authentication Bypass PHP Kaltura Server
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
77.4%
Threat
5.8
CVE-2014-9618 CRITICAL POC THREAT Emergency

The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.2%.

Authentication Bypass Netsweeper
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
68.2%
Threat
5.5
CVE-2017-12616 HIGH PATCH Act Now

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 91.4%.

Tomcat Apache Information Disclosure
NVD
CVSS 3.0
7.5
EPSS
91.4%
Threat
4.2
CVE-2014-8684 CRITICAL POC PATCH THREAT Act Now

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 44.8%.

Code Injection PHP Codeigniter Kohana
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
44.8%
Threat
4.8
CVE-2014-8686 CRITICAL POC THREAT Emergency

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.0%.

PHP Information Disclosure Codeigniter
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
34.0%
Threat
4.5
CVE-2015-4683 CRITICAL POC THREAT Emergency

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.3%.

Privilege Escalation Realpresence Resource Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
34.3%
Threat
4.5
CVE-2014-9611 CRITICAL POC THREAT Emergency

Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.

Authentication Bypass PHP Netsweeper
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
28.6%
Threat
4.3
CVE-2017-6315 CRITICAL POC Act Now

Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Astaro Security Gateway Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
9.4%
CVE-2015-4682 MEDIUM POC THREAT This Month

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

Information Disclosure Realpresence Resource Manager
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
12.3%
CVE-2015-4684 MEDIUM POC THREAT This Month

Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

Path Traversal Authentication Bypass Realpresence Resource Manager
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
11.4%
CVE-2014-9619 HIGH POC This Week

Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Netsweeper
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
6.5%
CVE-2014-9610 MEDIUM POC THREAT This Month

Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%.

PHP Privilege Escalation Netsweeper
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
13.4%
CVE-2014-5362 HIGH POC This Week

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Landesk Management Suite
NVD
CVSS 3.0
7.2
EPSS
3.8%
CVE-2015-4681 HIGH POC This Week

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Realpresence Resource Manager
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-14311 HIGH POC This Week

The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netdecision
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-14141 HIGH POC This Week

The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Kaltura Server
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2015-4685 HIGH POC This Week

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Realpresence Resource Manager
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
0.2%
CVE-2015-3431 CRITICAL Act Now

Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Pydio
NVD
CVSS 3.0
9.8
EPSS
6.2%
CVE-2014-8174 CRITICAL Act Now

eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Edeploy
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
CVE-2017-14142 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kaltura Server
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-10700 CRITICAL Act Now

In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Information Disclosure Qts
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-12883 CRITICAL PATCH Act Now

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Perl
NVD
CVSS 3.0
9.1
EPSS
4.7%
CVE-2015-1849 MEDIUM POC This Month

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Red Hat Information Disclosure Jboss Enterprise Application Platform
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-10930 CRITICAL Act Now

The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Zxr10 1800 2S Firmware Zxr10 2800 4 Firmware Zxr10 3800 8 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2015-1864 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Kallithea
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2017-14033 HIGH PATCH This Week

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service OpenSSL Ruby
NVD
CVSS 3.0
7.5
EPSS
8.2%
CVE-2017-10784 HIGH PATCH This Week

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Ruby
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2017-14601 MEDIUM POC This Month

Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure Pragyan Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
0.3%
CVE-2017-14600 MEDIUM POC This Month

Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure Pragyan Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
0.3%
CVE-2017-14597 MEDIUM POC This Month

AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Aurora Webmail
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2015-4089 HIGH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP Wp Fastest Cache
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-12837 HIGH PATCH This Week

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Perl
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2015-1854 HIGH This Week

389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 389 Directory Server Fedora Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2017-14581 HIGH This Week

The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2017-10931 HIGH This Week

The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zxr10 1800 2S Firmware Zxr10 2800 4 Firmware Zxr10 3800 8 Firmware Zxr10 160 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2015-0689 HIGH This Week

Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Cloud Web Security
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2014-9616 HIGH This Week

Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netsweeper
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-3420 MEDIUM This Month

The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service OpenSSL Dovecot Fedora
NVD
CVSS 3.0
5.9
EPSS
7.6%
CVE-2015-3419 MEDIUM This Month

vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Vbulletin
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2015-3880 MEDIUM PATCH This Month

Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Google Phpbb Chrome
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2015-3299 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress Floating Social Bar
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-3432 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Pydio
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-7837 MEDIUM This Month

The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Authentication Bypass Red Hat Enterprise Linux Enterprise Linux Desktop +4
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-6191 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy