Skip to main content
CVE-2017-6182 CRITICAL POC THREAT Emergency

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.9%.

Sophos Command Injection Web Appliance
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
14.9%
CVE-2017-7318 CRITICAL POC Act Now

Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Etherhaul Firmware
NVD
CVSS 3.0
9.8
EPSS
5.8%
CVE-2017-7324 CRITICAL POC Act Now

setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Modx Revolution
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2017-7321 CRITICAL POC Act Now

setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Modx Revolution
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2016-10308 CRITICAL POC Act Now

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Etherhaul Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2016-10307 CRITICAL POC Act Now

Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apex Lynx Firmware Apex Orion Firmware Giga Lynx Firmware Giga Orion Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2016-10305 CRITICAL POC Act Now

Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apex Plus Firmware Apex Firmware Apex Lynx Firmware Apex Orion Firmware +7
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2014-9826 CRITICAL PATCH Act Now

ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2016-10306 CRITICAL Act Now

Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A600 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2016-10309 CRITICAL Act Now

In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fibeair Ip 10 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy