Latest CVE Feed
-
5.5
MEDIUMCVE-2017-16711
The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefini... Read more
Affected Products : swftools- EPSS Score: %0.44
- Published: Nov. 09, 2017
- Modified: Apr. 20, 2025
-
8.1
HIGHCVE-2017-5480
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.... Read more
Affected Products : b2evolution- EPSS Score: %0.32
- Published: Jan. 15, 2017
- Modified: Apr. 20, 2025
-
7.1
HIGHCVE-2017-5228
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary ... Read more
Affected Products : metasploit- EPSS Score: %0.30
- Published: Mar. 02, 2017
- Modified: Apr. 20, 2025
-
7.3
HIGHCVE-2017-4987
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on th... Read more
- EPSS Score: %0.07
- Published: Jun. 19, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-1613
IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954.... Read more
Affected Products : connections- EPSS Score: %0.32
- Published: Dec. 11, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-15959
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.... Read more
Affected Products : adultscriptpro- EPSS Score: %2.34
- Published: Oct. 29, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-15937
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX).... Read more
Affected Products : pandora_fms- EPSS Score: %0.31
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
7.0
HIGHCVE-2017-15884
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.... Read more
Affected Products : vagrant_vmware_fusion- EPSS Score: %0.08
- Published: Oct. 31, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-15885
Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214.... Read more
- EPSS Score: %0.22
- Published: Oct. 25, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-15813
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs.... Read more
Affected Products : android- EPSS Score: %0.18
- Published: Dec. 05, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-15812
The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings values in the admin panel.... Read more
- EPSS Score: %0.20
- Published: Oct. 23, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-15811
The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php.... Read more
Affected Products : pootle_button- EPSS Score: %0.20
- Published: Oct. 23, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-15779
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0."... Read more
- EPSS Score: %0.36
- Published: Oct. 22, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-15802
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address con... Read more
- EPSS Score: %0.19
- Published: Oct. 22, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-15801
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address con... Read more
- EPSS Score: %0.19
- Published: Oct. 22, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-15786
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x00000000001a78db."... Read more
- EPSS Score: %0.19
- Published: Oct. 22, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-15784
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an "Illegal Instruction Violation starting at xnview+0x0000000000370074."... Read more
- EPSS Score: %0.36
- Published: Oct. 22, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-15778
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285de7."... Read more
- EPSS Score: %0.19
- Published: Oct. 22, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-15749
IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADI... Read more
- EPSS Score: %0.10
- Published: Oct. 22, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-15742
IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADIMAGE+0x00000000003d2328."... Read more
- EPSS Score: %0.10
- Published: Oct. 22, 2017
- Modified: Apr. 20, 2025