Skip to main content
CVE-2016-2555 CRITICAL POC PATCH THREAT Act Now

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

SQLi PHP Atutor
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
81.6%
Threat
5.9
CVE-2016-7834 HIGH POC PATCH THREAT Act Now

SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551,. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 39.5%.

Information Disclosure Snc Series Firmware
NVD
CVSS 3.0
8.8
EPSS
39.5%
Threat
4.4
CVE-2015-8282 CRITICAL POC THREAT Emergency

SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.6%.

Authentication Bypass Spectrum Sdc
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
25.6%
Threat
4.2
CVE-2015-8271 CRITICAL POC Act Now

The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Rtmpdump
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2015-8284 HIGH POC This Week

SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Spectrum Sdc
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
5.9%
CVE-2016-1914 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Blackberry Enterprise Service
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.2%
CVE-2015-8283 MEDIUM POC THREAT This Month

Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.4%.

Path Traversal PHP Spectrum Sdc
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
14.4%
CVE-2016-8712 HIGH POC This Week

An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Awk 3131A Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2014-7920 CRITICAL Act Now

mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.0
9.8
EPSS
9.6%
CVE-2015-8270 HIGH POC This Week

The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Rtmpdump
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-8727 HIGH POC This Week

An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Awk 3131A Firmware
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-8726 HIGH POC This Week

An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Awk 3131A Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2016-8723 HIGH POC This Week

An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Awk 3131A Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2016-1915 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Blackberry Enterprise Service
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
7.2%
CVE-2016-6143 CRITICAL Act Now

SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SAP Authentication Bypass Hana
NVD
CVSS 3.0
9.8
EPSS
6.1%
CVE-2016-1155 CRITICAL Act Now

HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Code Injection Android
NVD
CVSS 3.0
9.8
EPSS
5.4%
CVE-2017-7725 MEDIUM POC This Month

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Canonical Concrete Cms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
3.6%
CVE-2016-4031 MEDIUM POC This Month

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Samsung Galaxy S6 Firmware Galaxy Note 3 Firmware Galaxy S4 Mini Firmware +2
NVD GitHub
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-4030 MEDIUM POC This Month

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Samsung Galaxy S6 Firmware Galaxy Note 3 Firmware Galaxy S4 Mini Firmware +2
NVD GitHub
CVSS 3.0
6.8
EPSS
0.1%
CVE-2015-8272 MEDIUM POC This Month

RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Rtmpdump
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2016-4899 CRITICAL Act Now

The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Novabackup Datacenter
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2016-4898 CRITICAL Act Now

The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Novabackup Datacenter
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2012-1301 CRITICAL Act Now

The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Umbraco Cms
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2015-8780 MEDIUM POC This Month

Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Path Traversal Samsung Kies
NVD GitHub
CVSS 3.0
6.4
EPSS
0.1%
CVE-2014-2710 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Oliver
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-6674 CRITICAL PATCH Act Now

Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Debian Inspircd Debian Linux
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2016-6818 CRITICAL Act Now

SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SQLi SAP Business Intelligence Platform
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2016-8724 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Awk 3131A Firmware
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2016-4800 CRITICAL PATCH Act Now

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Jetty
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-2566 CRITICAL Act Now

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-10324 CRITICAL PATCH Act Now

In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Osip
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-7628 CRITICAL PATCH Act Now

The "Smart related articles" extension 1.1 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Smart Related Articles
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2014-7921 CRITICAL Act Now

mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-2036 MEDIUM POC This Month

The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Google Samsung Galaxy S6 Firmware +1
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8725 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Awk 3131A Firmware
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2016-8722 MEDIUM POC This Month

An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Awk 3131A Firmware
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2015-2947 CRITICAL Act Now

KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to trigger outbound network traffic. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kancolleviewer
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2016-4970 HIGH PATCH This Week

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Netty Jboss Data Grid Jboss Middleware Text Only Advisories +1
NVD GitHub
CVSS 3.1
7.5
EPSS
8.2%
CVE-2017-7219 HIGH PATCH This Week

A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Citrix Netscaler Gateway Firmware
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2016-4032 MEDIUM POC This Month

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Samsung Galaxy S6 Firmware Galaxy Note 3 Firmware +3
NVD GitHub
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-8720 MEDIUM POC This Month

An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Awk 3131A Firmware
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2015-8567 HIGH PATCH This Week

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Ubuntu Linux Debian Linux Linux Enterprise Debuginfo +6
NVD
CVSS 3.1
7.7
EPSS
3.5%
CVE-2015-8619 HIGH PATCH This Week

The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2015-8107 HIGH This Week

Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE A2Ps
NVD
CVSS 3.0
7.8
EPSS
1.8%
CVE-2016-10123 HIGH This Week

Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Firejail
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-10122 HIGH This Week

Firejail does not properly clean environment variables, which allows local users to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Firejail
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-10117 HIGH This Week

Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Firejail
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-10121 HIGH This Week

Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Firejail
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-10120 HIGH This Week

Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Firejail
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-10119 HIGH This Week

Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Firejail
NVD
CVSS 3.0
7.8
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy