Skip to main content
CVE-2016-6600 CRITICAL POC THREAT Emergency

Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.6%.

Path Traversal File Upload Zoho Webnms Framework
NVD GitHub Exploit-DB VulDB
CVSS 3.0
9.8
EPSS
90.6%
Threat
6.2
CVE-2016-4010 CRITICAL POC PATCH THREAT Act Now

Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.9%.

RCE Adobe PHP Magento
NVD Exploit-DB VulDB
CVSS 3.0
9.8
EPSS
86.9%
Threat
6.1
CVE-2016-6603 CRITICAL POC THREAT Emergency

ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.3%.

Authentication Bypass Zoho Webnms Framework
NVD GitHub Exploit-DB VulDB
CVSS 3.0
9.8
EPSS
70.3%
Threat
5.6
CVE-2016-6602 CRITICAL POC THREAT Emergency

ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 47.8%.

Information Disclosure Zoho Webnms Framework
NVD GitHub Exploit-DB VulDB
CVSS 3.0
9.8
EPSS
47.8%
Threat
4.9
CVE-2016-7567 CRITICAL POC PATCH THREAT Act Now

Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.

Buffer Overflow Openslp
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
10.8%
CVE-2016-2242 CRITICAL POC Act Now

Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Exponent Cms
NVD VulDB
CVSS 3.0
9.8
EPSS
9.6%
CVE-2016-5873 CRITICAL POC PATCH Act Now

Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Pecl Http
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
4.7%
CVE-2015-8972 CRITICAL POC PATCH Act Now

Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Chess
NVD VulDB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2016-6517 CRITICAL POC Act Now

Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Liferay
NVD VulDB
CVSS 3.0
9.8
EPSS
1.3%
CVE-2015-8857 CRITICAL POC PATCH Act Now

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Authentication Bypass Uglifyjs
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2016-3147 CRITICAL Act Now

Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Landesk Management Suite
NVD VulDB
CVSS 3.1
9.8
EPSS
7.6%
CVE-2017-5539 CRITICAL PATCH Act Now

The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal B2Evolution
NVD GitHub VulDB
CVSS 3.0
9.1
EPSS
7.4%
CVE-2017-5574 CRITICAL PATCH Act Now

SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Genixcms
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
3.4%
CVE-2014-8362 CRITICAL Act Now

Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sky Control Panel Firmware
NVD VulDB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2016-2783 CRITICAL Act Now

Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vsp Operating System Software
NVD VulDB
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-5569 CRITICAL Act Now

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Patient Portal
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2016-5742 CRITICAL Act Now

SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Movable Type Movable Type Open Source
NVD VulDB
CVSS 3.0
9.8
EPSS
1.0%
CVE-2016-1925 CRITICAL Act Now

Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Lha For Unix
NVD VulDB
CVSS 3.0
9.8
EPSS
0.9%
CVE-2016-6164 CRITICAL Act Now

Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Ffmpeg
NVD VulDB
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-5575 CRITICAL PATCH Act Now

SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Genixcms
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-3177 CRITICAL PATCH Act Now

Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Giflib
NVD VulDB
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-10157 CRITICAL Act Now

Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Netsession Akamai
NVD VulDB
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-7036 CRITICAL PATCH Act Now

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Python Jose
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-9081 CRITICAL PATCH Act Now

Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Joomla
NVD VulDB
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-6223 CRITICAL PATCH Act Now

The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libtiff
NVD VulDB
CVSS 3.0
9.1
EPSS
1.2%
CVE-2016-6582 CRITICAL PATCH Act Now

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Doorkeeper
NVD GitHub VulDB
CVSS 3.0
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy