VIR Vulnerability Intelligence Relay

Search

Found 4,137 results in 636ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-7228 high 8.2 9.2 EXPFIX debian debian 9y ago An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, al…
CVE-2017-7397 high 7.5 8.5 EXP 9y ago BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This…
CVE-2017-7402 critical 9.8 10.0 EXP lucidcrew 9y ago Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, …
CVE-2014-1677 high 7.5 8.5 EXP 9y ago Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
CVE-2017-1001000 high 7.5 8.5 EXPFIX debian debian wordpress 9y ago The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows …
CVE-2014-3222 high 7.0 8.0 EXP huawei 9y ago In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key…
CVE-2017-2490 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2483 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2482 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2478 high 7.0 8.0 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2476 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2474 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2473 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2472 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2471 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-…
CVE-2017-2470 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2469 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2468 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2466 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2464 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2460 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2459 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2457 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitr…
CVE-2017-2456 high 7.0 8.0 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the …
CVE-2017-2455 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2454 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2447 high 8.1 9.1 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2446 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo…
CVE-2017-2443 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi…
CVE-2015-4624 high 7.5 8.5 EXP 9y ago Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
CVE-2017-6412 high 8.1 9.1 EXP sophos 9y ago In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
CVE-2017-6182 critical 9.8 10.0 EXP sophos 9y ago In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
CVE-2017-7310 high 7.8 8.8 EXP flexense 9y ago A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Se…
CVE-2017-7308 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel 9y ago The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (in…
CVE-2017-7285 high 7.5 8.5 EXP 9y ago A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, prevent…
CVE-2017-5671 high 8.8 9.8 EXP 9y ago Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, whic…
CVE-2017-7183 high 7.5 8.5 EXP extraputty 9y ago The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.
CVE-2017-6542 critical 9.8 10.0 EXPFIX suse susedebian debian putty 9y ago The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect…
CVE-2016-10225 high 7.8 8.8 EXP 9y ago The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
CVE-2017-5899 high 7.0 8.0 EXPFIX debian debian s-nail_project 9y ago Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a …
CVE-2017-5850 high 7.5 8.5 EXP freebsd freebsd 9y ago httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
CVE-2017-2641 critical 9.8 10.0 EXP moodle 9y ago Moodle SQL injection via user preferences
CVE-2017-7240 high 7.5 8.5 EXP 9y ago An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefor…
CVE-2017-6087 high 8.8 9.8 EXP eonweb_project 9y ago EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3…
CVE-2017-5869 high 8.8 9.8 EXP nuxeo 9y ago Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in …
CVE-2015-8556 critical 10.0 10.0 EXPFIX slesdebian debian qemu 9y ago Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
CVE-2014-7279 critical 9.8 10.0 EXP 9y ago The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.
CVE-2017-6361 critical 9.8 10.0 EXP 9y ago QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
CVE-2017-6360 critical 9.8 10.0 EXP 9y ago QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.
CVE-2017-6359 critical 9.8 10.0 EXP 9y ago QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.
CVE-2017-6191 high 7.8 8.8 EXP apng_disassembler_project 9y ago Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename.
CVE-2017-5227 high 7.5 8.5 EXP 9y ago QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration…
CVE-2017-6972 critical 9.8 10.0 EXP alienvaultnfsen 9y ago AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulne…
CVE-2017-7230 critical 9.8 10.0 EXP disksorter 9y ago A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request.
CVE-2017-6971 high 8.8 9.8 EXP alienvaultnfsen 9y ago AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving t…
CVE-2017-6970 high 8.4 9.4 EXP alienvaultnfsen 9y ago AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.
CVE-2016-6816 high 7.1 8.1 EXPFIX slesdebian debian apache 9y ago The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could b…
CVE-2017-6803 high 8.8 9.8 EXP solarwinds 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication…
CVE-2017-6550 critical 9.8 10.0 EXP kinsey 9y ago Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) …
CVE-2017-6178 high 7.8 8.8 EXP usbpcap_project 9y ago The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.
CVE-2017-5930 low 2.7 3.7 EXPFIX suse susedebian debian postfixadmin_project 9y ago The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission ch…
CVE-2017-7178 high 8.8 9.8 EXPFIX debian debian deluge-torrent 9y ago CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) caus…
CVE-2017-6880 critical 9.8 10.0 EXP cerberus 9y ago Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.
CVE-2015-3884 high 8.8 9.8 EXP qdpm 9y ago Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute…
CVE-2014-8722 high 7.5 8.5 EXP get-simple 9y ago GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.x…
CVE-2017-0108 high 7.8 8.8 EXP windows windows microsoft 9y ago The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows…
CVE-2017-0103 high 7.0 8.0 EXP windows windows 9y ago The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privi…
CVE-2017-0100 high 7.8 8.8 EXP windows windows 9y ago A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 201…
CVE-2017-0090 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex…
CVE-2017-0089 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex…
CVE-2017-0088 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote…
CVE-2017-0087 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex…
CVE-2017-0086 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex…
CVE-2017-0084 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows…
CVE-2017-0083 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex…
CVE-2017-0072 high 8.8 9.8 EXP windows windows 9y ago Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Ex…
CVE-2017-0070 high 7.5 8.5 EXP windows windows microsoft 9y ago A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory i…
CVE-2017-6510 high 7.5 8.5 EXP efssoft 9y ago Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory.
CVE-2017-5496 critical 9.8 10.0 EXP sawmill 9y ago Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.
CVE-2017-5359 high 7.5 8.5 EXP easycom-aura 9y ago EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI.
CVE-2017-5358 critical 9.8 10.0 EXP easycom-aura 9y ago Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (…
CVE-2017-6366 high 8.8 9.8 EXP 9y ago Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that pe…
CVE-2017-6060 high 7.8 8.8 EXPFIX arch archdebian debian artifex 9y ago Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.
CVE-2016-8024 high 8.1 9.1 EXP mcafee 9y ago Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensit…
CVE-2016-8023 high 8.1 9.1 EXP mcafee 9y ago Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentic…
CVE-2016-8022 high 7.5 8.5 EXP mcafee 9y ago Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a den…
CVE-2016-8020 high 8.0 9.0 EXP mcafee 9y ago Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted …
CVE-2016-8016 low 3.4 4.4 EXP mcafee 9y ago Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a UR…
CVE-2017-6896 high 8.8 9.8 EXP 9y ago Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session…
CVE-2017-6398 high 8.8 9.8 EXP trendmicro 9y ago An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is …
CVE-2017-6367 high 7.5 8.5 EXP cerberusftp 9y ago In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.
CVE-2013-4659 critical 9.8 10.0 EXP 9y ago Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U an…
CVE-2017-6823 high 8.8 9.8 EXP fiyo 9y ago Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.
CVE-2017-6444 high 7.5 8.5 EXP 9y ago The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU…
CVE-2017-6506 critical 9.8 10.0 EXP azure_dex 9y ago In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that se…
CVE-2017-6427 high 7.5 8.5 EXP evostream 9y ago A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a…
CVE-2017-6465 critical 9.8 10.0 EXP ftpshell 9y ago Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leadin…
CVE-2017-6529 high 8.8 9.8 EXP dnatools 9y ago An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
CVE-2017-6528 high 8.1 9.1 EXP dnatools 9y ago An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).
CVE-2017-6527 high 7.5 8.5 EXP dnatools 9y ago An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the…