Skip to main content
CVE-2017-7154 MEDIUM POC This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Iphone Os Mac Os X Tvos
NVD Exploit-DB
CVSS 3.0
6.6
EPSS
0.1%
CVE-2015-7324 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Komento
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-17907 MEDIUM POC This Month

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Car Rental Script
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17896 MEDIUM POC This Month

Readymade Job Site Script has XSS via the keyword parameter to the /job URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Basic Job Site Script
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17893 MEDIUM POC This Month

Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Readymade Video Sharing Script
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17868 MEDIUM POC This Month

In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Liferay Portal
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17911 MEDIUM POC This Month

packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Archon
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17869 MEDIUM POC This Month

The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Mgl Instagram Gallery
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17832 MEDIUM POC PATCH This Month

ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Monitoring Software
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17904 MEDIUM POC This Month

FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lynda Clone
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17927 MEDIUM POC This Month

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Professional Service Script
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-17924 MEDIUM POC This Month

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Professional Service Script
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-17926 MEDIUM POC This Month

PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Professional Service Script
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-17929 MEDIUM POC This Month

PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Professional Service Script
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-17925 MEDIUM POC This Month

PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Professional Service Script
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-17909 MEDIUM POC This Month

PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Responsive Realestate Script
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-9608 MEDIUM PATCH This Month

The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
8.9%
CVE-2017-17934 MEDIUM This Month

ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-17887 MEDIUM This Month

In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-17884 MEDIUM This Month

In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-17882 MEDIUM This Month

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-17881 MEDIUM This Month

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-17886 MEDIUM This Month

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-17885 MEDIUM This Month

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-7158 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Apple Mac Os X
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-17914 MEDIUM This Month

In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-17883 MEDIUM This Month

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-17844 MEDIUM This Month

An issue was discovered in Enigmail before 1.9.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enigmail Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-17859 MEDIUM This Month

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Samsung Internet Browser
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2015-7666 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Payment Form For Paypal Pro
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2015-7667 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Resads
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2015-7668 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Easy2Map
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17843 MEDIUM This Month

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Enigmail Debian Linux
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-17862 MEDIUM PATCH This Month

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1365 MEDIUM This Month

IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Collaborative Lifecycle Management Rational Quality Manager Rational Team Concert +4
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1698 MEDIUM This Month

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Portal
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-16768 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Mailplus Server
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-7152 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 3.0
4.3
EPSS
0.5%
CVE-2017-1191 MEDIUM This Month

An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Quality Manager Rational Team Concert +4
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy