Skip to main content
CVE-2017-17746 MEDIUM POC This Month

Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Authentication Bypass Tl Sg108E Firmware
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2017-17747 MEDIUM POC This Month

Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Denial Of Service Authentication Bypass Tl Sg108E Firmware
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-17780 MEDIUM POC PATCH This Month

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress PHP Booking Calendar Sms Clockwork Sms Notfications +6
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-17752 MEDIUM POC This Month

Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ability Mail Server
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-17775 MEDIUM POC This Month

Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Piwigo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-5258 MEDIUM POC This Month

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Epmp 1000 Firmware Epmp 2000 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17776 MEDIUM POC This Month

Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Paid To Read Script
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-17778 MEDIUM POC This Month

Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Paid To Read Script
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-16818 MEDIUM PATCH This Month

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ceph Fedora
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-14387 MEDIUM This Month

The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Isilon Onefs
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-16584 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-16580 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-14820 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-14819 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-10956 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-16589 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-16588 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-16579 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-16574 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-16573 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-14822 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-14821 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-14818 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive on vulnerable installations of Foxit Reader 8.3.1.21155. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-1262 MEDIUM This Month

IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-17792 MEDIUM PATCH This Month

Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Blogotext
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-4940 MEDIUM This Month

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS VMware ESXi
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-15532 MEDIUM This Month

Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Messaging Gateway
NVD
CVSS 3.0
5.7
EPSS
0.7%
CVE-2017-17788 MEDIUM This Month

In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Gimp Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2017-1596 MEDIUM This Month

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1595 MEDIUM This Month

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-5256 MEDIUM This Month

In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Epmp 1000 Firmware Epmp 2000 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1494 MEDIUM This Month

IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1751 MEDIUM This Month

IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1600 MEDIUM This Month

IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-12072 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology PHP Photo Station
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-5257 MEDIUM This Month

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Epmp 1000 Firmware Epmp 2000 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17745 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS TP-Link Java Tl Sg108E Firmware
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1266 MEDIUM This Month

IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-1423 MEDIUM This Month

IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Portal
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-16735 MEDIUM This Month

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Integraxor
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-16733 MEDIUM This Month

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Integraxor
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-1257 MEDIUM This Month

IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy