Skip to main content
CVE-2017-17932 CRITICAL POC THREAT Emergency

A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.4%.

Buffer Overflow RCE Denial Of Service Allmediaserver
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
77.4%
Threat
5.8
CVE-2017-5641 CRITICAL PATCH Act Now

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 48.5%.

Deserialization Java Apache RCE Flex Blazeds +1
NVD
CVSS 3.1
9.8
EPSS
48.5%
CVE-2014-8389 CRITICAL POC THREAT Emergency

cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.0%.

Command Injection Bu 3026 Firmware Md 3025 Firmware Wl 2000Cam Firmware Poe 200Cam V2 Firmware +1
NVD
CVSS 3.0
9.8
EPSS
14.0%
CVE-2017-15667 HIGH POC THREAT Act Now

In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Denial Of Service Sysgauge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
12.4%
CVE-2017-17959 CRITICAL POC Act Now

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17957 CRITICAL POC Act Now

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17951 CRITICAL POC Act Now

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17942 HIGH POC This Week

In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libtiff
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-17950 HIGH POC This Week

Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blog
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-17960 HIGH POC This Week

PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-17939 HIGH POC This Week

PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Single Theater Booking Script
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-17936 HIGH POC This Week

Vanguard Marketplace Digital Products PHP has CSRF via /search. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Marketplace Digital Products Php
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-17952 HIGH POC This Week

PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
8.6
EPSS
0.2%
CVE-2017-17941 HIGH POC This Week

PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Single Theater Booking Script
NVD GitHub
CVSS 3.0
7.2
EPSS
0.2%
CVE-2017-10910 MEDIUM POC PATCH This Month

MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Mqtt Js
NVD GitHub
CVSS 3.0
6.5
EPSS
0.8%
CVE-2015-7889 MEDIUM POC This Month

The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Samsung Information Disclosure Android
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.3%
CVE-2017-17958 MEDIUM POC This Month

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17956 MEDIUM POC This Month

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17955 MEDIUM POC This Month

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17954 MEDIUM POC This Month

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17953 MEDIUM POC This Month

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17949 MEDIUM POC This Month

Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Blog
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17948 MEDIUM POC This Month

Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Blog
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17937 MEDIUM POC This Month

Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Marketplace Digital Products Php
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17940 MEDIUM POC This Month

PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Single Theater Booking Script
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-17938 MEDIUM POC This Month

PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Single Theater Booking Script
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2015-3637 HIGH This Week

SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi Phpmybackuppro
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2017-15886 MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Synology Chat
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-17967 MEDIUM This Month

pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Wps Office
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-15892 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Chat
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy