Skip to main content
CVE-2017-15222 CRITICAL POC THREAT Emergency

Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Buffer Overflow RCE Nftp
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
81.6%
Threat
5.9
CVE-2014-1203 CRITICAL POC THREAT Emergency

The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 56.1%.

PHP Command Injection Eyou
NVD
CVSS 3.1
9.8
EPSS
56.1%
Threat
5.1
CVE-2017-15081 CRITICAL POC Act Now

In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Melody
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
7.3%
CVE-2017-15879 HIGH POC PATCH This Week

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Keystone
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
9.8%
CVE-2017-15223 MEDIUM POC THREAT This Month

Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.2%.

Denial Of Service Mini Mail Server
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
17.2%
CVE-2017-15871 HIGH POC This Week

The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Serialize To Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-15880 HIGH POC This Week

SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
7.2
EPSS
0.4%
CVE-2017-15878 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Keystone
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
3.6%
CVE-2017-15863 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp No External Links
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-5171 CRITICAL PATCH Act Now

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic Information Disclosure Cf Release Cloud Foundry Elastic Runtime Cloud Foundry Uaa
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2015-5172 CRITICAL PATCH Act Now

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic Information Disclosure Cf Release Cloud Foundry Elastic Runtime Cloud Foundry Uaa
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2017-14695 CRITICAL PATCH Act Now

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Salt
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-15873 MEDIUM POC PATCH This Month

The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Busybox Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-15874 MEDIUM POC This Month

archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Busybox
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2015-5173 HIGH This Week

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Cf Release Cloud Foundry Elastic Runtime Cloud Foundry Uaa
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2015-5170 HIGH PATCH This Week

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Elastic Cf Release Cloud Foundry Elastic Runtime Cloud Foundry Uaa
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-14696 HIGH PATCH This Week

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Salt
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-1583 HIGH This Week

IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13)could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Java Information Disclosure Liberty
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-1523 HIGH This Week

IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Infosphere Master Data Management
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1210 HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Daeja Viewone
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1375 HIGH This Week

IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storwize Unified V7000 Software
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-10517 HIGH This Week

networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis Information Disclosure
NVD GitHub
CVSS 3.0
7.4
EPSS
0.4%
CVE-2014-0691 HIGH This Week

Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
CVSS 3.0
7.3
EPSS
0.2%
CVE-2017-12613 HIGH This Week

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apache Information Disclosure Portable Runtime +10
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2013-3734 MEDIUM This Month

The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Jboss Application Server
NVD
CVSS 3.0
6.6
EPSS
0.8%
CVE-2017-15186 MEDIUM PATCH This Month

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ffmpeg
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-1212 MEDIUM This Month

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Daeja Viewone
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-15867 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress PHP User Login History
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1209 MEDIUM This Month

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Daeja Viewone
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3049 MEDIUM This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Openpages Grc Platform
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-15881 MEDIUM PATCH This Month

Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended". Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Keystone
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2017-12618 MEDIUM This Month

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Apache Information Disclosure Portable Runtime Utility
NVD
CVSS 3.0
4.7
EPSS
0.9%
CVE-2017-15872 MEDIUM PATCH This Month

phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Phpwcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-1211 LOW Monitor

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. Rated low severity (CVSS 2.5). No vendor patch available.

IBM Information Disclosure Daeja Viewone
NVD
CVSS 3.0
2.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy