Exploit Intelligence Platform

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,495 CVEs tracked; 53,335 with exploits; 4,748 exploited in wild; 1,551 CISA KEV; 3,948 Nuclei templates; 49,233 vendors; 42,833 researchers
111,593 results
CVE-2017-12139 6.1 MEDIUM EPSS 0.00
XOOPS Core 2.5.8 - Stored XSS
XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.
CWE-79 Aug 02, 2017
CVE-2017-12138 6.1 MEDIUM NUCLEI EPSS 0.12
XOOPS Core 2.5.8 - Open Redirect
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.
CWE-601 Aug 02, 2017
CVE-2017-8572 5.5 MEDIUM EPSS 0.16
Microsoft Outlook - Information Disclosure
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook Information Disclosure Vulnerability".
CWE-200 Aug 01, 2017
CVE-2017-1500 6.1 MEDIUM EPSS 0.00
IBM MobileFirst Platform Foundation - XSS
A reflected cross-site scripting (XSS) vulnerability exists in the authorization function exposed by the RESTful Web API of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope": if its value is set to a "realm" not defined in authenticationConfig.xml, the server returns an HTTP 403 Forbidden response and the value is reflected in the body of the response. By setting it to arbitrary JavaScript code it is possible to modify the flow of the authorization function, potentially leading to credential disclosure within a trusted session.
CWE-79 Aug 01, 2017
CVE-2017-4922 6.5 MEDIUM EPSS 0.00
VMware vCenter Server <6.5 U1 - Info Disclosure
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.
CWE-200 Aug 01, 2017
CVE-2017-12132 5.9 MEDIUM EPSS 0.00
GNU C Library <2.26 - DoS
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
CWE-770 Aug 01, 2017
CVE-2017-12062 6.1 MEDIUM 1 Writeup EPSS 0.01
MantisBT <2.5.2 - XSS
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.
CWE-79 Aug 01, 2017
CVE-2017-12061 6.1 MEDIUM 1 Writeup EPSS 0.01
MantisBT <1.3.12, 2.x <2.5.2 - XSS
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP.
CWE-79 Aug 01, 2017
CVE-2017-11136 6.5 MEDIUM EPSS 0.00
heinekingmedia StashCat - Info Disclosure
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. It uses RSA to exchange a secret for symmetric encryption of messages. However, the private RSA key is not only stored on the client but transmitted to the backend, too. Moreover, the key to decrypt the private key is composed of the first 32 bytes of the SHA-512 hash of the user password. But this hash is stored on the backend, too. Therefore, everyone with access to the backend database can read the transmitted secret for symmetric encryption, hence can read the communication.
Aug 01, 2017
CVE-2017-11134 6.5 MEDIUM EPSS 0.00
heinekingmedia StashCat < 1.7.5 - Log Information Exposure
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them.
CWE-532 Aug 01, 2017
CVE-2017-11131 5.9 MEDIUM EPSS 0.00
heinekingmedia StashCat - Info Disclosure
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for authentication. Moreover, only the first 32 bytes of the hash are used. This allows for easy dictionary and rainbow-table attacks if an attacker has access to the password hash.
CWE-916 Aug 01, 2017
CVE-2015-5059 5.3 MEDIUM 1 Writeup EPSS 0.01
MantisBT < 1.2.19 - Information Disclosure
The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php.
CWE-200 Aug 01, 2017
CVE-2017-11552 6.5 MEDIUM 1 PoC Analysis EPSS 0.07
mpg321 <0.3.2-1 - Memory Corruption
mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decoder_run function in decoder.c in libmad) via a crafted MP3 file.
CWE-119 Aug 01, 2017
CVE-2017-12131 6.1 MEDIUM 1 Writeup EPSS 0.00
Easy Testimonials plugin 3.0.4 - WordPress - XSS
The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens.
CWE-79 Aug 01, 2017
CVE-2017-12068 6.1 MEDIUM 1 Writeup EPSS 0.00
WordPress Event List <0.7.9 - XSS
The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action.
CWE-79 Aug 01, 2017
CVE-2017-12066 5.4 MEDIUM 1 Writeup EPSS 0.00
Cacti <1.1.16 - XSS
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163.
CWE-79 Aug 01, 2017
CVE-2017-11727 6.1 MEDIUM EPSS 0.00
ConnectWise Manage <2017.5 - XSS
services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS.
CWE-79 Jul 31, 2017
CVE-2017-1496 5.4 MEDIUM EPSS 0.00
IBM Sterling B2B Integrator - XSS
IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128694.
CWE-79 Jul 31, 2017
CVE-2017-1386 5.9 MEDIUM EPSS 0.00
IBM API Connect 5.0.0.0 - Auth Bypass
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.
CWE-521 Jul 31, 2017
CVE-2017-1370 4.9 MEDIUM EPSS 0.00
IBM Jazz Reporting Service <6.0 - Info Disclosure
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863.
CWE-209 Jul 31, 2017