Skip to main content
CVE-2017-6077 CRITICAL POC KEV THREAT Emergency

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Netgear
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
86.1%
Threat
7.5
CVE-2017-6187 CRITICAL POC THREAT Emergency

Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 69.4%.

Buffer Overflow RCE Disksavvy Enterprise
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
69.4%
Threat
5.5
CVE-2017-5586 CRITICAL POC THREAT Emergency

OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.3%.

Java Apache Information Disclosure Documentum D2
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
35.3%
Threat
4.5
CVE-2016-9683 CRITICAL POC THREAT Emergency

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.0%.

Command Injection Sonicwall Sonicwall Secure Remote Access Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
22.0%
Threat
4.1
CVE-2016-9682 CRITICAL POC THREAT Emergency

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.5%.

Command Injection Sonicwall Sonicwall Secure Remote Access Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.5%
Threat
4.0
CVE-2016-9684 CRITICAL POC THREAT Emergency

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.5%.

Command Injection Sonicwall Sonicwall Secure Remote Access Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
13.5%
CVE-2016-9400 CRITICAL PATCH Act Now

The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Teeworlds Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2016-1245 CRITICAL PATCH Act Now

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Quagga Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-2684 CRITICAL Act Now

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Authentication Bypass Simatic Logon
NVD
CVSS 3.0
9.0
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy