Skip to main content
CVE-2015-2673 HIGH POC THREAT Act Now

The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 63.8%.

RCE WordPress PHP Privilege Escalation Wp Easycart
NVD
CVSS 3.0
8.8
EPSS
63.8%
Threat
5.2
CVE-2017-14089 CRITICAL POC PATCH THREAT Act Now

An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.5%.

Buffer Overflow Trend Micro Officescan
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
31.5%
Threat
4.4
CVE-2017-14087 HIGH POC THREAT Act Now

A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.5%.

Code Injection Trend Micro Officescan
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
22.5%
CVE-2017-14086 HIGH POC PATCH THREAT Act Now

Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.2%.

Denial Of Service Trend Micro Officescan
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
14.2%
CVE-2017-14083 HIGH POC PATCH THREAT Act Now

A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Trend Micro Information Disclosure Officescan
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
12.9%
CVE-2015-2147 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Phpbugtracker
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14084 HIGH POC PATCH This Week

A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Trend Micro Officescan
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
7.9%
CVE-2015-2143 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Phpbugtracker
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-2142 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Phpbugtracker
NVD GitHub Exploit-DB
CVSS 3.0
8.0
EPSS
0.2%
CVE-2017-14085 MEDIUM POC PATCH THREAT This Month

Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Trend Micro PHP Information Disclosure Officescan
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
12.4%
CVE-2017-13068 HIGH POC This Week

QNAP has already patched this vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Qnap SQLi Qts Helpdesk
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
1.2%
CVE-2017-13069 CRITICAL Act Now

QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Music Station
NVD
CVSS 3.0
9.8
EPSS
5.7%
CVE-2017-15084 MEDIUM POC This Month

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Metasploit
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
0.1%
CVE-2014-8758 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Gallery Bank
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2014-7240 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Easy Contact Form Solution
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2014-8492 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Profile Builder
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-2146 CRITICAL Act Now

Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Phpbugtracker
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-15047 CRITICAL PATCH Act Now

The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Redis
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-15045 MEDIUM POC This Month

LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Lame
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-15046 MEDIUM POC This Month

LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Lame
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-8957 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openkm
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-2145 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Phpbugtracker
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
0.3%
CVE-2017-15063 HIGH PATCH This Week

There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Subrion
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-5246 HIGH PATCH This Week

The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Foreman
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2015-2158 HIGH PATCH This Week

Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service RCE Pngcrush
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-15056 HIGH PATCH This Week

p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Upx
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-0047 HIGH This Week

Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Docker Information Disclosure
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-12730 HIGH This Week

An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Mypro
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1000254 HIGH PATCH This Week

libcurl may read outside of a heap allocated buffer when doing FTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libcurl
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2015-1429 HIGH This Week

Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Thinfinity Remote Desktop Workstation
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2017-15079 HIGH This Week

The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress Smush Image Compression And Optimization
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-2297 HIGH This Week

nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libcsoap
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-9272 HIGH This Week

The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bi Directional Driver
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1002153 HIGH PATCH This Week

Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Koji
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2017-14088 HIGH PATCH This Week

Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Trend Micro Privilege Escalation Officescan +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2015-1828 MEDIUM PATCH This Month

The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Http Rb
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2014-2903 MEDIUM This Month

CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Wolfssl
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2015-1206 MEDIUM This Month

Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9273 MEDIUM This Month

The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bi Directional Driver
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-2144 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Phpbugtracker
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2015-2148 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Phpbugtracker
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2015-0296 MEDIUM This Month

The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Texlive
NVD
CVSS 3.0
4.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy