Skip to main content
CVE-2017-17731 CRITICAL POC THREAT Emergency

DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.2%.

SQLi PHP Dedecms
NVD
CVSS 3.0
9.8
EPSS
90.2%
Threat
6.2
CVE-2017-17733 CRITICAL POC THREAT Emergency

Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.8%.

PHP Information Disclosure Maccms
NVD
CVSS 3.0
9.8
EPSS
31.8%
Threat
4.4
CVE-2017-17739 CRITICAL POC THREAT Emergency

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.3%.

Path Traversal 4K242 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
21.3%
Threat
4.1
CVE-2017-17721 CRITICAL POC Act Now

CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Beims Contractorweb Net
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.9%
CVE-2017-17738 HIGH POC THREAT Act Now

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

Information Disclosure 4K242 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
16.2%
CVE-2017-17651 CRITICAL POC Act Now

Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Paid To Read Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17645 CRITICAL POC Act Now

Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bus Booking Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-17643 CRITICAL POC Act Now

FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lynda Clone
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2017-17730 CRITICAL POC Act Now

DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dedecms
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-17649 MEDIUM POC This Month

Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Readymade Video Sharing Script
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.3%
CVE-2017-17737 MEDIUM POC This Month

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 4K242 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-17735 CRITICAL Act Now

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cms Made Simple
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-17734 CRITICAL Act Now

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cms Made Simple
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-15103 HIGH PATCH This Week

A security-check flaw was found in the way the Heketi 5 server API handled user requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Privilege Escalation Command Injection Heketi Enterprise Linux
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-17727 HIGH This Week

DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload Dedecms
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-15700 HIGH PATCH This Week

A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Sling Authentication Service
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-17740 HIGH PATCH This Week

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Openldap Leap Blockchain Platform +1
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2017-16997 HIGH PATCH This Week

elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Glibc Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2017-15104 HIGH PATCH This Week

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Information Disclosure Heketi Enterprise Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-14583 MEDIUM This Month

NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Clustered Data Ontap
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-17741 MEDIUM PATCH This Month

The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-12630 MEDIUM PATCH This Month

In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Drill
NVD
CVSS 3.0
5.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy