Skip to main content
CVE-2017-17830 MEDIUM POC This Month

Bus Booking Script has CSRF via admin/new_master.php. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Bus Booking Script
NVD GitHub
CVSS 3.0
6.8
EPSS
0.1%
CVE-2017-17826 MEDIUM POC This Month

The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Piwigo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17819 MEDIUM POC PATCH This Month

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Netwide Assembler Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-17815 MEDIUM POC PATCH This Month

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Netwide Assembler Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-17812 MEDIUM POC PATCH This Month

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Netwide Assembler Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-17810 MEDIUM POC PATCH This Month

In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Netwide Assembler Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-17811 MEDIUM POC This Month

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Netwide Assembler Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-17820 MEDIUM POC This Month

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Netwide Assembler Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-17817 MEDIUM POC This Month

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Netwide Assembler Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-17816 MEDIUM POC This Month

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Netwide Assembler Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-17814 MEDIUM POC This Month

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Netwide Assembler Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-17813 MEDIUM POC This Month

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Netwide Assembler Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-17824 MEDIUM POC PATCH This Month

The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Piwigo
NVD GitHub
CVSS 3.0
4.9
EPSS
0.3%
CVE-2017-17823 MEDIUM POC This Month

The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Piwigo
NVD GitHub
CVSS 3.0
4.9
EPSS
0.3%
CVE-2017-17828 MEDIUM POC This Month

Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Busbooking Script
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2017-17825 MEDIUM POC This Month

The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Piwigo
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2015-4100 MEDIUM This Month

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Puppet Enterprise
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2017-6134 MEDIUM This Month

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +7
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2017-6136 MEDIUM This Month

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +7
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2017-6139 MEDIUM This Month

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2017-14363 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Operations Manager I
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-0304 MEDIUM This Month

A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Big Ip Advanced Firewall Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17822 MEDIUM This Month

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Piwigo
NVD GitHub
CVSS 3.0
4.9
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy