Skip to main content
CVE-2016-7552 CRITICAL POC THREAT Emergency

On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.0%.

Path Traversal Trend Micro Threat Discovery Appliance
NVD GitHub
CVSS 3.0
9.8
EPSS
93.0%
Threat
6.2
CVE-2016-7547 CRITICAL POC THREAT Emergency

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%.

Trend Micro Information Disclosure Threat Discovery Appliance
NVD GitHub
CVSS 3.0
9.8
EPSS
89.4%
Threat
6.1
CVE-2017-7722 CRITICAL POC PATCH THREAT Act Now

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.9%.

Command Injection Log Event Manager
NVD
CVSS 3.0
10.0
EPSS
49.9%
Threat
5.0
CVE-2017-3061 CRITICAL POC THREAT Emergency

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.9%.

Buffer Overflow RCE Adobe Flash Player
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
53.9%
Threat
5.1
CVE-2016-6808 CRITICAL POC THREAT Emergency

Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.5%.

Buffer Overflow Tomcat Apache Tomcat Jk Connector
NVD
CVSS 3.0
9.8
EPSS
29.5%
Threat
4.3
CVE-2017-7588 CRITICAL POC THREAT Emergency

On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.6%.

Authentication Bypass Mfc Firmware Dcp Firmware Ads Firmware Hl Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
16.6%
Threat
4.0
CVE-2017-7280 CRITICAL POC THREAT Emergency

An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

RCE PHP Enterprise Backup
NVD
CVSS 3.0
9.8
EPSS
10.2%
CVE-2016-4337 CRITICAL POC Act Now

SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Photostore
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2015-7564 CRITICAL POC PATCH Act Now

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Teampass
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-7719 CRITICAL POC Act Now

SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Spider Event Calendar
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-3060 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Information Disclosure Flash Player
NVD
CVSS 3.0
9.8
EPSS
9.9%
CVE-2017-7279 CRITICAL Act Now

An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Backup
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2017-3063 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2017-3062 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2017-3059 CRITICAL Act Now

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Adobe Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2017-3037 CRITICAL Act Now

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Acrobat Acrobat Dc +2
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2017-2989 CRITICAL Act Now

Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Campaign
NVD
CVSS 3.0
9.1
EPSS
3.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy