Skip to main content
CVE-2017-6182 CRITICAL POC THREAT Emergency

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.9%.

Sophos Command Injection Web Appliance
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
14.9%
CVE-2017-7318 CRITICAL POC Act Now

Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Etherhaul Firmware
NVD
CVSS 3.0
9.8
EPSS
5.8%
CVE-2017-7324 CRITICAL POC Act Now

setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Modx Revolution
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2017-7321 CRITICAL POC Act Now

setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Modx Revolution
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2016-10308 CRITICAL POC Act Now

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Etherhaul Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2016-10307 CRITICAL POC Act Now

Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apex Lynx Firmware Apex Orion Firmware Giga Lynx Firmware Giga Orion Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2016-10305 CRITICAL POC Act Now

Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apex Plus Firmware Apex Firmware Apex Lynx Firmware Apex Orion Firmware +7
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2017-7253 HIGH POC This Week

Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dahua Ip Camera Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-7323 HIGH POC This Week

The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Modx Revolution
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2017-6412 HIGH POC This Week

In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Session Fixation Sophos Information Disclosure Web Appliance
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
0.8%
CVE-2017-7322 HIGH POC This Week

The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Modx Revolution
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2017-7290 HIGH POC This Week

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Xoops
NVD GitHub
CVSS 3.0
7.2
EPSS
0.6%
CVE-2014-9826 CRITICAL PATCH Act Now

ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2017-7320 MEDIUM POC This Month

setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Denial Of Service PHP Modx Revolution
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-10306 CRITICAL Act Now

Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A600 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2016-10309 CRITICAL Act Now

In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fibeair Ip 10 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2014-9825 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9824 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9823 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9822 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9821 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9820 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9819 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-9817 HIGH PATCH This Week

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Imagemagick
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-6183 HIGH This Week

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Web Appliance
NVD
CVSS 3.0
7.2
EPSS
3.0%
CVE-2014-9804 HIGH PATCH This Week

vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2017-5185 HIGH This Week

A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sentinel
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-7541 MEDIUM This Month

Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2014-9809 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2014-9807 MEDIUM PATCH This Month

The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2014-9813 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2014-9811 MEDIUM PATCH This Month

The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2014-9818 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9816 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9815 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9814 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9812 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9810 MEDIUM PATCH This Month

The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9808 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9806 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9805 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-7346 MEDIUM PATCH This Month

The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-5184 MEDIUM This Month

A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sentinel
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-7542 MEDIUM This Month

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.0
4.9
EPSS
0.3%
CVE-2017-6184 MEDIUM This Month

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Web Appliance
NVD
CVSS 3.0
4.7
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy