Skip to main content
CVE-2016-0854 CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.2%.

File Upload Webaccess
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
72.2%
Threat
5.6
CVE-2016-1909 CRITICAL POC THREAT Emergency

Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 78.6%.

Privilege Escalation Fortinet Fortios
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
78.6%
Threat
5.8
CVE-2016-0856 CRITICAL Emergency

Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 51.5% and no vendor patch available.

RCE Buffer Overflow Webaccess
NVD
CVSS 3.0
9.8
EPSS
51.5%
CVE-2016-0857 CRITICAL Act Now

Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Webaccess
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2015-6323 CRITICAL Act Now

The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine Software
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2016-0859 CRITICAL Act Now

Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Webaccess
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2015-6314 CRITICAL Act Now

Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Wireless Lan Controller Software
NVD
CVSS 3.0
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy