Skip to main content
CVE-2016-6267 HIGH POC PATCH THREAT Act Now

SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

Trend Micro PHP Information Disclosure Smart Protection Server
NVD
CVSS 3.1
8.8
EPSS
72.5%
Threat
5.4
CVE-2015-7978 HIGH Act Now

NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.5% and no vendor patch available.

Denial Of Service Ntp
NVD VulDB
CVSS 3.0
7.5
EPSS
42.5%
CVE-2016-6270 HIGH POC This Week

The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Virtual Mobile Infrastructure
NVD
CVSS 3.1
8.8
EPSS
8.4%
CVE-2016-10181 HIGH POC THREAT Act Now

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.1%.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
12.1%
CVE-2016-10179 HIGH POC THREAT Act Now

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.0%.

D-Link Authentication Bypass Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
12.0%
CVE-2016-6266 HIGH POC PATCH This Week

ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro PHP Information Disclosure Smart Protection Server
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2015-2180 HIGH POC This Week

The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webmail
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2015-2181 HIGH POC This Week

Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Webmail
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2016-10184 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
5.5%
CVE-2016-10183 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
5.5%
CVE-2016-10180 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
3.5%
CVE-2016-10186 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
3.0%
CVE-2016-10185 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
3.0%
CVE-2016-2399 HIGH POC This Week

Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Libquicktime
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.9%
CVE-2016-6167 HIGH POC This Week

Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Putty
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-6268 HIGH POC PATCH This Week

Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Trend Micro Privilege Escalation Smart Protection Server
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-7798 HIGH POC PATCH This Week

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass OpenSSL Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2016-9939 HIGH PATCH This Week

Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Crypto Debian Linux
NVD
CVSS 3.0
7.5
EPSS
5.9%
CVE-2015-7979 HIGH This Week

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp
NVD
CVSS 3.0
7.5
EPSS
4.2%
CVE-2016-7544 HIGH PATCH This Week

Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Crypto
NVD GitHub
CVSS 3.0
7.5
EPSS
3.3%
CVE-2017-5627 HIGH This Week

An issue was discovered in Artifex Software, Inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Mujs
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-5628 HIGH This Week

An issue was discovered in Artifex Software, Inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Mujs
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-10087 HIGH This Week

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libpng
NVD
CVSS 3.0
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy