Exploit Intelligence Platform

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,484 CVEs tracked | 53,337 with exploits | 4,748 exploited in wild | 1,551 CISA KEV | 3,947 Nuclei templates | 49,229 vendors | 42,825 researchers
111,579 results
CVE-2017-1249 5.4 MEDIUM EPSS 0.00
IBM Rhapsody Design Manager - XSS
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CWE-79 Jul 24, 2017
CVE-2017-1245 5.4 MEDIUM EPSS 0.00
IBM Rational Software Architect Design Manager - XSS
IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124580.
CWE-79 Jul 24, 2017
CVE-2016-8975 5.4 MEDIUM EPSS 0.00
IBM Rhapsody DM <6.0 - XSS
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912.
CWE-79 Jul 24, 2017
CVE-2016-6118 5.4 MEDIUM EPSS 0.00
IBM Emptoris Supplier Lifecycle Management <10.1.0.x - XSS
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118356.
CWE-79 Jul 24, 2017
CVE-2017-9554 5.3 MEDIUM EXPLOITED 4 PoCs Analysis EPSS 0.58
Synology DSM <6.1.3-15152 - Info Disclosure
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
CWE-200 Jul 24, 2017
CVE-2017-11327 6.5 MEDIUM EPSS 0.00
Tilde Cms - Information Disclosure
An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload.
CWE-200 Jul 24, 2017
CVE-2017-10711 6.1 MEDIUM EPSS 0.00
Simplerisk - XSS
In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter.
CWE-79 Jul 24, 2017
CVE-2017-11608 6.5 MEDIUM EPSS 0.01
LibSass 3.4.5 - Buffer Overflow
There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
CWE-125 Jul 24, 2017
CVE-2017-11605 6.5 MEDIUM EPSS 0.00
LibSass 3.4.5 - Buffer Overflow
There is a heap-based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.
CWE-125 Jul 24, 2017
CVE-2017-11594 5.4 MEDIUM 1 Writeup EPSS 0.00
Loomio <1.8.0 - XSS
Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment.
CWE-79 Jul 24, 2017
CVE-2017-11593 6.1 MEDIUM 1 Writeup EPSS 0.00
Markdown Preview Plus <0.5.7 - XSS
Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst files that are designed to be viewed in the browser as plain text, but that will be converted to HTML without proper sanitization.
CWE-79 Jul 24, 2017
CVE-2017-11586 6.1 MEDIUM NUCLEI EPSS 0.07
dayrui FineCms 5.0.9 - Open Redirect
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.
CWE-601 Jul 24, 2017
CVE-2017-11581 6.1 MEDIUM EPSS 0.00
dayrui FineCms 5.0.9 - XSS
dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character.
CWE-79 Jul 24, 2017
CVE-2017-11576 5.5 MEDIUM EPSS 0.00
FontForge 20161012 - DoS
FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.
CWE-119 Jul 23, 2017
CVE-2017-11540 6.5 MEDIUM EPSS 0.00
ImageMagick 7.0.6-1 - Buffer Overflow
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.
CWE-125 Jul 23, 2017
CVE-2017-11539 6.5 MEDIUM EPSS 0.00
ImageMagick 7.0.6-1 - Memory Corruption
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c.
CWE-772 Jul 23, 2017
CVE-2017-11538 6.5 MEDIUM EPSS 0.00
ImageMagick 7.0.6-1 - Memory Corruption
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c.
CWE-772 Jul 23, 2017
CVE-2017-11537 6.5 MEDIUM EPSS 0.00
ImageMagick 7.0.6-1 - Memory Corruption
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.
CWE-682 Jul 23, 2017
CVE-2017-11536 6.5 MEDIUM EPSS 0.00
ImageMagick 7.0.6-1 - Memory Corruption
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c.
CWE-772 Jul 23, 2017
CVE-2017-11535 6.5 MEDIUM EPSS 0.00
ImageMagick 7.0.6-1 - Buffer Overflow
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.
CWE-125 Jul 23, 2017