Skip to main content
CVE-2015-8279 HIGH POC THREAT Act Now

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.9%.

PHP Privilege Escalation Samsung Web Viewer
NVD
CVSS 3.0
8.6
EPSS
67.9%
Threat
5.3
CVE-2015-3946 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Webaccess
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-5007 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS CSRF Websphere Commerce
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-0858 HIGH This Week

Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service RCE Buffer Overflow Webaccess
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2015-6467 HIGH This Week

Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Webaccess
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2015-3947 HIGH This Week

SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2016-0855 HIGH This Week

Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Webaccess
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2015-8280 HIGH This Week

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Web Viewer
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-0860 HIGH This Week

Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Webaccess
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2015-6320 HIGH This Week

The IP ingress packet handler on Cisco Aironet 1800 devices with software 8.1(112.3) and 8.1(112.4) allows remote attackers to cause a denial of service via a crafted header in an IP packet, aka Bug. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Aironet Access Point Software
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-0853 HIGH This Week

Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-0851 HIGH This Week

Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Webaccess
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-0852 HIGH This Week

Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Webaccess
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2015-8281 HIGH This Week

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Web Viewer
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2015-6336 HIGH This Week

Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Aironet Access Point Software
NVD
CVSS 3.0
7.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy