Skip to main content
CVE-2016-10108 CRITICAL POC THREAT Emergency

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 91.8%.

Command Injection PHP Mycloud Nas
NVD
CVSS 3.0
9.8
EPSS
91.8%
Threat
6.2
CVE-2016-10107 CRITICAL POC THREAT Emergency

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

Command Injection PHP Mycloud Nas
NVD
CVSS 3.0
9.8
EPSS
11.4%
CVE-2016-10105 CRITICAL PATCH Act Now

admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

RCE PHP Information Disclosure Piwigo
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-10106 MEDIUM PATCH This Month

Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Netgear Fvs336Gv3 Firmware Srx5308 Firmware Fvs318Gv2 Firmware +1
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2016-5024 MEDIUM This Month

Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +6
NVD
CVSS 3.0
5.9
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy