Skip to main content
CVE-2017-12615 HIGH POC KEV PATCH THREAT Act Now

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.

Apache Microsoft Tomcat File Upload
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
94.2%
Threat
7.4
CVE-2017-12616 HIGH PATCH Act Now

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 91.4%.

Tomcat Apache Information Disclosure
NVD
CVSS 3.0
7.5
EPSS
91.4%
Threat
4.2
CVE-2014-9619 HIGH POC This Week

Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Netsweeper
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
6.5%
CVE-2014-5362 HIGH POC This Week

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Landesk Management Suite
NVD
CVSS 3.0
7.2
EPSS
3.8%
CVE-2015-4681 HIGH POC This Week

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Realpresence Resource Manager
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-14311 HIGH POC This Week

The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netdecision
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-14141 HIGH POC This Week

The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Kaltura Server
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2015-4685 HIGH POC This Week

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Realpresence Resource Manager
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-14033 HIGH PATCH This Week

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service OpenSSL Ruby
NVD
CVSS 3.0
7.5
EPSS
8.2%
CVE-2017-10784 HIGH PATCH This Week

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Ruby
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2015-4089 HIGH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP Wp Fastest Cache
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-12837 HIGH PATCH This Week

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Perl
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2015-1854 HIGH This Week

389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 389 Directory Server Fedora Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2017-14581 HIGH This Week

The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2017-10931 HIGH This Week

The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zxr10 1800 2S Firmware Zxr10 2800 4 Firmware Zxr10 3800 8 Firmware Zxr10 160 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2015-0689 HIGH This Week

Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Cloud Web Security
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2014-9616 HIGH This Week

Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netsweeper
NVD
CVSS 3.0
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy