Skip to main content
CVE-2017-15223 MEDIUM POC THREAT This Month

Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.2%.

Denial Of Service Mini Mail Server
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
17.2%
CVE-2017-15878 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Keystone
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
3.6%
CVE-2017-15863 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp No External Links
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-15873 MEDIUM POC PATCH This Month

The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Busybox Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-15874 MEDIUM POC This Month

archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Busybox
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2013-3734 MEDIUM This Month

The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Jboss Application Server
NVD
CVSS 3.0
6.6
EPSS
0.8%
CVE-2017-15186 MEDIUM PATCH This Month

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ffmpeg
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-1212 MEDIUM This Month

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Daeja Viewone
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-15867 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress PHP User Login History
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1209 MEDIUM This Month

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Daeja Viewone
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3049 MEDIUM This Month

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Openpages Grc Platform
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-15881 MEDIUM PATCH This Month

Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended". Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Keystone
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2017-12618 MEDIUM This Month

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Apache Information Disclosure Portable Runtime Utility
NVD
CVSS 3.0
4.7
EPSS
0.9%
CVE-2017-15872 MEDIUM PATCH This Month

phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Phpwcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy