Skip to main content
CVE-2016-5674 CRITICAL POC THREAT Emergency

__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%.

Netgear PHP RCE Readynas Surveillance Nvrmini 2 +1
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
89.4%
Threat
6.1
CVE-2016-5675 CRITICAL POC THREAT Emergency

handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.1%.

Netgear PHP RCE Readynas Surveillance Crystal +2
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
73.1%
Threat
5.7
CVE-2016-5676 HIGH POC THREAT Act Now

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.2%.

Netgear Authentication Bypass Readynas Surveillance Nvrsolo Nvrmini 2
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
76.2%
Threat
5.3
CVE-2016-5678 CRITICAL POC THREAT Emergency

NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.2%.

Authentication Bypass Nvrmini 2 Nvrsolo
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
38.2%
Threat
4.6
CVE-2016-5680 HIGH POC THREAT Act Now

Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 33.3%.

Netgear Buffer Overflow RCE Nvrmini 2 Readynas Surveillance
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
33.3%
Threat
4.3
CVE-2016-5679 HIGH POC THREAT Act Now

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

Command Injection Netgear Nvrmini 2 Readynas Surveillance
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
15.5%
CVE-2016-5677 HIGH POC THREAT Act Now

NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.2%.

Netgear PHP Information Disclosure Readynas Surveillance Nvrmini 2 +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
19.2%
CVE-2016-5336 CRITICAL PATCH Act Now

VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE VMware Vrealize Automation
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-5333 CRITICAL Act Now

VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Photon Os
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2016-5335 HIGH PATCH This Week

VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure VMware Identity Manager Vrealize Automation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-7118 MEDIUM This Month

fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Debian Denial Of Service Linux Null Pointer Dereference Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-7119 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5332 MEDIUM PATCH This Month

Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal VMware Vrealize Log Insight
NVD
CVSS 3.0
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy