Skip to main content
CVE-2017-15956 HIGH POC THREAT Act Now

ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.8%.

PHP Information Disclosure Converto Video Downloader Converter
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
22.8%
CVE-2017-15957 HIGH POC This Week

my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ingenious School Management System
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.3%
CVE-2017-16000 HIGH POC This Week

SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD GitHub
CVSS 3.0
7.2
EPSS
0.4%
CVE-2017-15996 HIGH PATCH This Week

elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15997 HIGH This Week

In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Contacts Backup Restore
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-16227 HIGH PATCH This Week

The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Quagga Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-15998 HIGH This Week

In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Contacts Backup Restore
NVD
CVSS 3.0
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy