Skip to main content
CVE-2016-7132 HIGH POC PATCH THREAT Act Now

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.9%.

Denial Of Service PHP Null Pointer Dereference
NVD GitHub
CVSS 3.1
7.5
EPSS
14.9%
CVE-2016-7131 HIGH POC PATCH This Week

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Null Pointer Dereference
NVD GitHub
CVSS 3.1
7.5
EPSS
6.4%
CVE-2016-7133 HIGH POC PATCH This Week

Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Integer Overflow Denial Of Service PHP
NVD GitHub
CVSS 3.0
8.1
EPSS
0.7%
CVE-2016-7130 HIGH POC PATCH This Week

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Null Pointer Dereference
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2016-7125 HIGH POC PATCH This Week

ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Code Injection
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-6371 HIGH This Week

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Hosted Collaboration Mediation Fulfillment
NVD
CVSS 3.0
7.5
EPSS
7.3%
CVE-2016-1469 HIGH This Week

The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Spa300 Firmware Spa500 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2016-6399 HIGH This Week

Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ace Application Control Engine Module A1 Ace Application Control Engine Module A3 Ace Application Control Engine Module A4 +6
NVD
CVSS 3.0
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy