Skip to main content
CVE-2017-16959 MEDIUM POC This Month

The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Path Traversal Tl Wvr300 Firmware Tl Wvr302 Firmware Tl Wvr450 Firmware +48
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-16961 MEDIUM POC This Month

A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bigtree Cms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-16994 MEDIUM POC PATCH This Month

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
4.8%
CVE-2017-16962 MEDIUM POC This Month

The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Google Communigate Pro
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-16956 MEDIUM POC This Month

b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Symphony
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-15051 MEDIUM POC PATCH This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-15053 MEDIUM POC PATCH This Month

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
CVSS 3.0
4.9
EPSS
0.2%
CVE-2017-15052 MEDIUM POC PATCH This Month

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
CVSS 3.0
4.9
EPSS
0.2%
CVE-2017-9316 MEDIUM PATCH This Month

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

RCE Authentication Bypass Dahua Nvr11Hs Firmware Ipc Hdw4300S Firmware +7
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2017-1628 MEDIUM This Month

IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-15100 MEDIUM PATCH This Month

An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Foreman Satellite Satellite Capsule
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-8044 MEDIUM This Month

In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Single Sign On For Pivotal Cloud Foundry
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-8039 MEDIUM PATCH This Month

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java Information Disclosure Spring Web Flow
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-1689 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1688 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1678 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1650 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1607 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1593 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1560 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1461 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-8031 MEDIUM PATCH This Month

An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Cf Release Uaa Release
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2017-1283 MEDIUM This Month

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-1484 MEDIUM This Month

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Commerce
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1570 MEDIUM This Month

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager Rational Team Concert Rational Doors Next Generation +4
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1240 MEDIUM This Month

IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager Rational Team Concert Rational Doors Next Generation +4
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1251 MEDIUM This Month

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager Rational Team Concert Rational Doors Next Generation +4
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-6024 MEDIUM This Month

IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Quality Manager Rational Team Concert Rational Doors Next Generation +4
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2015-7269 MEDIUM This Month

Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED). Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Lenovo St500Lt015 Firmware
NVD
CVSS 3.0
4.2
EPSS
0.1%
CVE-2015-7268 MEDIUM This Month

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Lenovo Microsoft Samsung Dell Authentication Bypass +4
NVD
CVSS 3.0
4.2
EPSS
0.1%
CVE-2015-7267 MEDIUM This Month

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Dell Authentication Bypass Samsung Lenovo 850 Pro Firmware +3
NVD
CVSS 3.0
4.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy