Skip to main content
CVE-2017-6090 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.9%.

RCE PHP File Upload Phpcollab
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
86.9%
Threat
5.9
CVE-2017-14492 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.8%.

Buffer Overflow RCE Denial Of Service Ubuntu Linux Debian Linux +4
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
92.8%
Threat
6.2
CVE-2017-13704 HIGH Act Now

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 79.3% and no vendor patch available.

Denial Of Service Ubuntu Linux Debian Linux Fedora Leap +4
NVD
CVSS 3.0
7.5
EPSS
79.3%
CVE-2017-14495 HIGH POC PATCH THREAT Act Now

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.3%.

Denial Of Service Ubuntu Linux Debian Linux Enterprise Linux Desktop Enterprise Linux Server +2
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
53.3%
Threat
4.6
CVE-2017-14496 HIGH POC PATCH THREAT Act Now

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.

Integer Overflow Denial Of Service Ubuntu Linux Debian Linux Android +5
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
16.9%
CVE-2017-14493 CRITICAL POC PATCH Act Now

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service Ubuntu Linux Debian Linux +5
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.3%
CVE-2017-6089 CRITICAL POC Act Now

SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpcollab
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.6%
CVE-2017-12620 CRITICAL POC PATCH Act Now

When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Apache Opennlp
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-11321 HIGH POC THREAT Act Now

The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.5%.

Command Injection Wireless Appliance
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
10.5%
CVE-2017-14848 HIGH POC This Week

WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wphrm Human Resource Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2017-14758 HIGH POC This Week

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection:. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Document Sciences Xpression
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-14757 HIGH POC This Week

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection:. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Document Sciences Xpression
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-11322 HIGH POC This Week

The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ucopia Wireless Appliance
NVD Exploit-DB
CVSS 3.0
8.2
EPSS
1.3%
CVE-2017-14494 MEDIUM POC PATCH THREAT This Month

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 11.0%.

Information Disclosure Ubuntu Linux Debian Linux Leap Enterprise Linux Desktop +3
NVD Exploit-DB
CVSS 3.0
5.9
EPSS
11.0%
CVE-2015-7358 HIGH POC This Week

The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Ciphershed Veracrypt Truecrypt
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.9%
CVE-2015-6971 HIGH POC This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lenovo System Update
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14979 HIGH POC This Week

Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Gxlcms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-11497 CRITICAL Act Now

Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sentinel Ldk Rte
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2017-11496 CRITICAL Act Now

Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sentinel Ldk Rte
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2017-14990 MEDIUM POC This Month

WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-12792 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF PHP Nexusphp
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2015-7841 CRITICAL Act Now

The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Command Injection Fusionserver Ch121 V3 Fusionserver Ch220 V3 Fusionserver Ch222 V3 +7
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2017-14756 MEDIUM POC This Month

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Document Sciences Xpression
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-14755 MEDIUM POC This Month

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Document Sciences Xpression
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-13997 CRITICAL Act Now

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Wonderware Indusoft Web Studio Wonderware Intouch
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2017-8021 CRITICAL Act Now

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Storage
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2017-14759 CRITICAL Act Now

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSRF XXE Document Sciences Xpression
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-12639 CRITICAL Act Now

Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Imail Server
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-12638 CRITICAL Act Now

Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Imail Server
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14981 MEDIUM POC This Month

Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Atutor
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-14985 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-14984 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%
CVE-2015-6576 HIGH This Week

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java Bamboo
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2017-1311 HIGH This Week

IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Insights Foundation For Energy
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-14983 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2016-6806 HIGH PATCH This Week

Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Apache Wicket
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-7843 HIGH This Week

The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Fusionserver Ch121 V3 Fusionserver Ch220 V3 Fusionserver Ch222 V3 +7
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-11498 HIGH This Week

Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sentinel Ldk Rte
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2015-7359 HIGH This Week

The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Ciphershed Veracrypt Truecrypt
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-14773 HIGH This Week

Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Skybox Manager Client Application
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8018 HIGH This Week

EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Appsync
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-1569 HIGH This Week

IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Commerce
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2015-3321 MEDIUM This Month

Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Fingerprint Manager
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2017-14754 MEDIUM This Month

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read:. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Document Sciences Xpression
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-14989 MEDIUM PATCH This Month

A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-9797 MEDIUM PATCH This Month

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Apache Information Disclosure Geode
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2015-7980 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Compass Rose
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2015-7357 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Udesign
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-9538 MEDIUM This Month

The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Network Performance Monitor
NVD
CVSS 3.0
4.9
EPSS
5.6%
CVE-2014-0043 MEDIUM PATCH This Month

In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Wicket
NVD
CVSS 3.0
5.3
EPSS
1.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy