Skip to main content
CVE-2017-15990 CRITICAL POC Act Now

Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Phpinventory
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
8.8%
CVE-2017-15993 CRITICAL POC Act Now

Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zomato Clone Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15992 CRITICAL POC Act Now

Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Website Broker Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15991 CRITICAL POC Act Now

Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Agent Zone
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15989 CRITICAL POC Act Now

Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Exam Test Application
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15988 CRITICAL POC Act Now

Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nice Php Faq Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15987 CRITICAL POC Act Now

Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Fake Magazine Cover Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15986 CRITICAL POC Act Now

CPA Lead Reward Script allows SQL Injection via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cpa Lead Reward Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15985 CRITICAL POC Act Now

Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Basic B2B Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15984 CRITICAL POC Act Now

Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Creative Management System Lite
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15983 CRITICAL POC Act Now

MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Mymagazine Magazine Blog Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15980 CRITICAL POC Act Now

US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Us Zip Codes Database Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15979 CRITICAL POC Act Now

Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Shareet
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15978 CRITICAL POC Act Now

AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Erp Php Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15977 CRITICAL POC Act Now

Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Expiring Download Links
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15982 CRITICAL POC Act Now

Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP News
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2017-15981 CRITICAL POC Act Now

Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Newspaper
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2017-15950 HIGH POC THREAT Act Now

Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

Buffer Overflow RCE Syncbreeze
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
10.4%
CVE-2017-10953 HIGH PATCH Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.5%.

RCE Command Injection Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
16.5%
CVE-2017-10940 HIGH Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

Path Traversal Docker RCE Triton Datacenter
NVD
CVSS 3.0
8.8
EPSS
14.0%
CVE-2017-15884 HIGH POC This Week

In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Hashicorp VMware Privilege Escalation Vagrant Vmware Fusion
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-10699 MEDIUM POC This Month

D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dsl 2740E Firmware
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-10954 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Internet Security 2018
NVD
CVSS 3.0
8.8
EPSS
6.3%
CVE-2017-14356 CRITICAL Act Now

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP SQLi Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2015-9245 CRITICAL Act Now

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Openedge
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-1000257 CRITICAL Act Now

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 3.1
9.1
EPSS
1.0%
CVE-2017-10948 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free RCE Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2017-10941 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free RCE Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-10947 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free RCE Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-10946 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free RCE Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-10945 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free RCE Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-14163 HIGH PATCH This Week

An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Session Fixation Information Disclosure Mahara
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-1000256 HIGH This Week

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Libvirt Debian Linux
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2017-3935 HIGH This Week

Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-10942 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-10944 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow RCE Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-10943 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-14357 MEDIUM This Month

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14373 MEDIUM This Month

EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rsa Authentication Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14358 MEDIUM This Month

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect HP Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-3934 MEDIUM This Month

Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-1000383 MEDIUM This Month

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emacs
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1000382 MEDIUM This Month

VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Vim
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-15273 MEDIUM PATCH This Month

Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mahara
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-14752 MEDIUM PATCH This Month

Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mahara
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-3933 MEDIUM PATCH This Month

Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Network Data Loss Prevention
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy