Skip to main content
CVE-2017-16758 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Ultimate Instagram Feed
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-16672 MEDIUM This Month

An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Asterisk Certified Asterisk
NVD
CVSS 3.0
5.9
EPSS
5.3%
CVE-2017-16759 MEDIUM PATCH This Month

The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Librenms
NVD GitHub
CVSS 3.0
5.9
EPSS
0.0%
CVE-2017-16711 MEDIUM This Month

The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-16673 MEDIUM PATCH This Month

Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Backup Agent
NVD
CVSS 3.0
5.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy