Skip to main content
CVE-2014-2023 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tapatalk
NVD Exploit-DB GitHub
CVSS 3.0
9.8
EPSS
9.4%
CVE-2017-15907 CRITICAL POC Act Now

SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpcollab
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-15882 HIGH POC This Week

The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Private Internet Access
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2012-1622 CRITICAL Act Now

Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Ofbiz
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2017-15919 CRITICAL Act Now

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP Ultimate Form Builder Lite
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-15909 CRITICAL Act Now

D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dgs 1500 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-15366 CRITICAL Act Now

Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ndoc
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-15922 MEDIUM POC This Month

In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libextractor
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-5996 HIGH This Week

The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Remote Support
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-7341 HIGH This Week

An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiwlc
NVD
CVSS 3.0
7.2
EPSS
2.5%
CVE-2017-12159 HIGH PATCH This Week

It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Information Disclosure Single Sign On Keycloak
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-15908 HIGH PATCH This Week

In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Systemd Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-3771 HIGH This Week

System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Thinkcentre M710S Firmware Thinkcentre M710T Firmware Aio E95 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-12160 HIGH PATCH This Week

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Keycloak
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2017-1222 MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Bigfix Platform
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-15917 MEDIUM This Month

In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Prtg Network Monitor
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2012-4377 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Mediawiki
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2017-7732 MEDIUM This Month

A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortimail
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2012-4378 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Mediawiki
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-1521 MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Bigfix Platform
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1232 MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-15906 MEDIUM This Month

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSH Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
2.7%
CVE-2017-12158 MEDIUM PATCH This Month

It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

XSS Request Smuggling Single Sign On Keycloak
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2017-7335 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinet Fortiwlc
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1230 MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1225 MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1220 MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-15911 MEDIUM PATCH This Month

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE CSRF Openfire
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2017-1226 MEDIUM PATCH This Month

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1228 LOW PATCH Monitor

IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Bigfix Platform
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2017-15096 LOW Monitor

A flaw was found in GlusterFS in versions prior to 3.10. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Glusterfs
NVD
CVSS 3.0
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy