Skip to main content
CVE-2017-16524 HIGH POC THREAT Act Now

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.7%.

Samsung PHP File Upload Web Viewer
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
74.7%
Threat
5.5
CVE-2017-14016 MEDIUM POC THREAT This Month

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.2%.

Buffer Overflow RCE Stack Overflow Webaccess
NVD Exploit-DB
CVSS 3.0
6.3
EPSS
19.2%
CVE-2017-16570 HIGH POC PATCH This Week

KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Keystone
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-16565 HIGH POC This Week

Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ht802 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-16563 HIGH POC This Week

Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ht802 Firmware
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2017-16001 HIGH POC This Week

In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Race Condition Hashicorp VMware Privilege Escalation Vagrant
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-6331 HIGH POC This Week

Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Endpoint Protection
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
0.8%
CVE-2017-16548 CRITICAL Act Now

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Rsync Ubuntu Linux +1
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2017-16638 CRITICAL Act Now

The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vde
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-16636 MEDIUM POC This Month

In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bludit
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-16564 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ht802 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-15672 HIGH This Week

The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ffmpeg Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2017-16547 HIGH PATCH This Week

The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Graphicsmagick
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-12719 HIGH This Week

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-14029 HIGH This Week

An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vtscada
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-13681 HIGH This Week

Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-7529 HIGH PATCH This Week

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Sos Ubuntu Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-14031 HIGH This Week

An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Vtscada
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7425 HIGH This Week

Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. No vendor patch available.

XSS Imanager
NVD
CVSS 3.0
7.6
EPSS
0.5%
CVE-2017-11177 HIGH This Week

TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Triton Ap Email
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-14025 MEDIUM This Month

An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Fox515T Firmware
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-13680 MEDIUM This Month

Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Protection
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-15306 MEDIUM PATCH This Month

The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-14023 MEDIUM This Month

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Siemens Simatic Pcs7 Simatic Wincc
NVD
CVSS 3.1
4.9
EPSS
2.8%
CVE-2017-16635 MEDIUM This Month

In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tinywebgallery
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2015-7878 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Taxonomy Find
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-15039 MEDIUM This Month

Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Zurmo Crm
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-16569 MEDIUM This Month

An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect PHP Zurmo Crm
NVD
CVSS 3.0
4.8
EPSS
0.1%
CVE-2017-16637 MEDIUM This Month

In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Vpn Manager
NVD
CVSS 3.0
4.4
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy