Skip to main content
CVE-2017-17992 CRITICAL POC Act Now

Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Biometric Shift Employee Management System
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-17983 HIGH POC This Week

PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Muslim Matrimonial Script
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-17990 HIGH POC This Week

Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Biometric Shift Employee Management System
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-14855 HIGH POC This Week

Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hmi Panel Firmware
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2017-17987 HIGH POC This Week

PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Muslim Matrimonial Script
NVD GitHub
CVSS 3.0
7.2
EPSS
0.3%
CVE-2017-17982 MEDIUM POC This Month

PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Muslim Matrimonial Script
NVD GitHub
CVSS 3.0
6.8
EPSS
0.1%
CVE-2017-17995 MEDIUM POC This Month

Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Biometric Shift Employee Management System
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17994 MEDIUM POC This Month

Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Biometric Shift Employee Management System
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17993 MEDIUM POC This Month

Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Biometric Shift Employee Management System
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17991 MEDIUM POC This Month

Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Biometric Shift Employee Management System
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17989 MEDIUM POC This Month

Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Biometric Shift Employee Management System
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17981 MEDIUM POC This Month

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Muslim Matrimonial Script
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17988 MEDIUM POC This Month

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Muslim Matrimonial Script
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-17986 MEDIUM POC This Month

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Muslim Matrimonial Script
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-17985 MEDIUM POC This Month

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Muslim Matrimonial Script
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-17984 MEDIUM POC This Month

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Muslim Matrimonial Script
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-17997 HIGH PATCH This Week

In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-12813 MEDIUM This Month

PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Phpjabbers File Sharing Script
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12812 MEDIUM This Month

PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Phpjabbers Night Club Booking Software
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12811 MEDIUM This Month

PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Phpjabbers Star Rating Script
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12810 MEDIUM This Month

PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Phpjabbers Newsletter Script
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-10704 MEDIUM PATCH This Month

Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Magento
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2017-17975 MEDIUM This Month

Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-17089 MEDIUM PATCH This Month

custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webmin
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy