Skip to main content
CVE-2016-9269 CRITICAL POC PATCH Act Now

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
9.9
EPSS
6.8%
CVE-2017-6095 CRITICAL POC Act Now

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mail Masta
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
6.9%
CVE-2016-9053 CRITICAL POC Act Now

An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Database Server
NVD
CVSS 3.1
9.8
EPSS
5.4%
CVE-2016-9051 CRITICAL POC Act Now

An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Database Server
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2016-9315 HIGH POC This Week

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
5.9%
CVE-2017-6070 CRITICAL POC Act Now

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Form Builder Cms Made Simple
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-6127 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dg Hr1400 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-6098 HIGH POC This Week

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mail Masta
NVD GitHub Exploit-DB
CVSS 3.0
7.2
EPSS
5.4%
CVE-2017-5881 HIGH POC This Week

GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Gom Player
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.2%
CVE-2017-6097 HIGH POC This Week

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mail Masta
NVD GitHub Exploit-DB
CVSS 3.0
7.2
EPSS
4.6%
CVE-2016-9314 HIGH POC PATCH This Week

Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.5%
CVE-2017-6096 HIGH POC This Week

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mail Masta
NVD GitHub Exploit-DB
CVSS 3.0
7.2
EPSS
3.4%
CVE-2016-9049 HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Database Server
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2016-10227 HIGH POC PATCH This Week

Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Zyxel Usg50 Firmware Nwa3560 N Firmware
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-5959 CRITICAL PATCH Act Now

CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Genixcms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-6078 MEDIUM POC This Month

FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Maxview
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-9316 MEDIUM POC PATCH This Month

Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.6%
CVE-2017-6071 MEDIUM POC This Month

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Form Builder Cms Made Simple
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2017-6072 MEDIUM POC This Month

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Form Builder Cms Made Simple
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-4057 HIGH This Week

The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Information Disclosure Vce Vision Intelligent Operations
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2015-4056 MEDIUM This Month

The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Vce Vision Intelligent Operations
NVD
CVSS 3.1
6.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy