Skip to main content
CVE-2015-8969 CRITICAL POC PATCH Act Now

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Fastclone
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2016-6448 CRITICAL Act Now

A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Buffer Overflow RCE Meeting Server
NVD
CVSS 3.0
9.8
EPSS
7.6%
CVE-2016-6447 CRITICAL Act Now

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Buffer Overflow RCE Meeting App Meeting Server
NVD
CVSS 3.0
9.8
EPSS
7.6%
CVE-2016-6441 CRITICAL Act Now

A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Buffer Overflow Ios Xe
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2016-7095 CRITICAL Act Now

Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Exponent Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-6452 CRITICAL Act Now

A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Prime Home
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2016-7453 CRITICAL PATCH Act Now

The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Exponent Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-7402 CRITICAL Act Now

SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation SAP SQLi Adaptive Server Enterprise
NVD
CVSS 3.0
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy