Skip to main content
CVE-2016-8863 CRITICAL Act Now

Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.4% and no vendor patch available.

Buffer Overflow RCE Denial Of Service Libupnp Debian Linux
NVD
CVSS 3.0
9.8
EPSS
24.4%
CVE-2016-7789 CRITICAL POC PATCH Act Now

SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Exponent Cms
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-3159 CRITICAL PATCH Act Now

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java Apache Camel
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
CVE-2016-9087 CRITICAL PATCH Act Now

SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Exponent Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-9020 CRITICAL PATCH Act Now

SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Exponent Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-9019 CRITICAL PATCH Act Now

SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Exponent Cms
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-7784 CRITICAL PATCH Act Now

SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Exponent Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-7788 CRITICAL PATCH Act Now

SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Exponent Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-7781 CRITICAL PATCH Act Now

SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Exponent Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-7780 CRITICAL PATCH Act Now

SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Exponent Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-7783 CRITICAL PATCH Act Now

SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Exponent Cms
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-7782 CRITICAL PATCH Act Now

SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Exponent Cms
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-7145 CRITICAL PATCH Act Now

The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Nefarious2
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy