Skip to main content
CVE-2017-6090 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.9%.

RCE PHP File Upload Phpcollab
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
86.9%
Threat
5.9
CVE-2017-13704 HIGH Act Now

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 79.3% and no vendor patch available.

Denial Of Service Ubuntu Linux Debian Linux Fedora Leap +4
NVD
CVSS 3.0
7.5
EPSS
79.3%
CVE-2017-14495 HIGH POC PATCH THREAT Act Now

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.3%.

Denial Of Service Ubuntu Linux Debian Linux Enterprise Linux Desktop Enterprise Linux Server +2
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
53.3%
Threat
4.6
CVE-2017-14496 HIGH POC PATCH THREAT Act Now

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.

Integer Overflow Denial Of Service Ubuntu Linux Debian Linux Android +5
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
16.9%
CVE-2017-11321 HIGH POC THREAT Act Now

The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.5%.

Command Injection Wireless Appliance
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
10.5%
CVE-2017-14848 HIGH POC This Week

WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wphrm Human Resource Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2017-14758 HIGH POC This Week

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection:. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Document Sciences Xpression
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-14757 HIGH POC This Week

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection:. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Document Sciences Xpression
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-11322 HIGH POC This Week

The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ucopia Wireless Appliance
NVD Exploit-DB
CVSS 3.0
8.2
EPSS
1.3%
CVE-2015-7358 HIGH POC This Week

The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Ciphershed Veracrypt Truecrypt
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.9%
CVE-2015-6971 HIGH POC This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lenovo System Update
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14979 HIGH POC This Week

Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Gxlcms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-6576 HIGH This Week

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java Bamboo
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2017-1311 HIGH This Week

IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Insights Foundation For Energy
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-6806 HIGH PATCH This Week

Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Apache Wicket
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-7843 HIGH This Week

The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Fusionserver Ch121 V3 Fusionserver Ch220 V3 Fusionserver Ch222 V3 +7
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-11498 HIGH This Week

Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sentinel Ldk Rte
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2015-7359 HIGH This Week

The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Ciphershed Veracrypt Truecrypt
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-14773 HIGH This Week

Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Skybox Manager Client Application
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8018 HIGH This Week

EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Appsync
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-1569 HIGH This Week

IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Commerce
NVD
CVSS 3.0
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy