Skip to main content
CVE-2017-16522 HIGH POC This Week

MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gpt 2541Gnac Firmware Dsl 100Hn T1 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
1.6%
CVE-2017-1000134 HIGH POC This Week

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mahara
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2017-16237 HIGH POC This Week

In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vir It Explorer
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-16516 HIGH POC PATCH This Week

In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Yajl Ruby Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2017-16513 HIGH POC This Week

Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ws Ftp
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-1000148 HIGH PATCH This Week

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP RCE Mahara
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-1000150 HIGH PATCH This Week

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Session Fixation Information Disclosure Mahara
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-1000139 HIGH PATCH This Week

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Mahara
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2017-1000151 HIGH PATCH This Week

Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mahara
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000133 HIGH PATCH This Week

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mahara
NVD
CVSS 3.0
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy