Skip to main content
CVE-2016-10134 CRITICAL POC THREAT Emergency

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.2%.

SQLi Zabbix PHP
NVD
CVSS 3.0
9.8
EPSS
86.2%
Threat
6.0
CVE-2017-5344 CRITICAL POC Act Now

An issue was discovered in dotCMS through 3.6.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Dotcms
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
8.1%
CVE-2016-4861 CRITICAL POC PATCH Act Now

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Fedora Zend Framework
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2016-6233 CRITICAL POC PATCH Act Now

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Fedora Zend Framework
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2016-6870 CRITICAL PATCH Act Now

Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Hhvm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2016-6875 CRITICAL PATCH Act Now

Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Hhvm
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-6874 CRITICAL Act Now

The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hhvm
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-6873 CRITICAL PATCH Act Now

Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Hhvm
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-6872 CRITICAL PATCH Act Now

Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Hhvm
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-6871 CRITICAL PATCH Act Now

Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Hhvm
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-9814 CRITICAL PATCH Act Now

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Simplesamlphp Saml2
NVD
CVSS 3.0
9.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy