Security Vulnerabilities - CVEs Published In 2017
QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB.
CVSS Score: 9.8 | EPSS Score: 0.034 | Published: 2017-11-17
jqueryFileTree 2.1.5 and older Directory Traversal
CVSS Score: 7.5 | EPSS Score: 0.9 | Published: 2017-11-17
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2017-11-17
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2017-11-17
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2017-11-17
Jool 3.5.0-3.5.1 is vulnerable to a kernel-crashing packet, resulting in a DoS.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2017-11-17
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the JavaScript file inclusion functionality. The attacker can read the configuration files that contain the database login and password, the private encryption key, and other sensitive information.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2017-11-17
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges.
CVSS Score: 5.4 | EPSS Score: 0.011 | Published: 2017-11-17
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
CVSS Score: 7.5 | EPSS Score: 0.832 | Published: 2017-11-17
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2017-11-17

