Skip to main content
CVE-2017-7283 HIGH POC THREAT Act Now

An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.6%.

PHP Information Disclosure Enterprise Backup
NVD
CVSS 3.0
8.8
EPSS
16.6%
CVE-2017-7692 HIGH POC THREAT Act Now

SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

RCE PHP Squirrelmail
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
15.5%
CVE-2015-8285 HIGH POC THREAT Act Now

The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.3%.

Buffer Overflow Denial Of Service Total Security
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
10.3%
CVE-2016-8721 CRITICAL POC Act Now

An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Awk 3131A Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2017-2784 HIGH POC This Week

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE
NVD VulDB
CVSS 3.0
8.1
EPSS
3.1%
CVE-2016-4293 HIGH POC This Week

Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft Hancom Office 2014
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2016-5762 CRITICAL Act Now

Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Microsoft Buffer Overflow Groupwise
NVD
CVSS 3.0
9.8
EPSS
8.4%
CVE-2017-7282 MEDIUM POC This Month

An issue was discovered in Unitrends Enterprise Backup before 9.1.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Enterprise Backup
NVD
CVSS 3.0
5.5
EPSS
7.5%
CVE-2017-7938 MEDIUM POC This Month

Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Dmitry Deepmagic Information Gathering Tool
NVD GitHub Exploit-DB
CVSS 3.1
6.6
EPSS
1.9%
CVE-2015-8959 MEDIUM POC PATCH This Month

coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2016-6338 MEDIUM POC This Month

ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Red Hat Enterprise Virtualization
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2015-8958 MEDIUM POC PATCH This Month

coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2015-8957 MEDIUM POC PATCH This Month

Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2016-1219 CRITICAL Act Now

Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2017-5158 CRITICAL Act Now

An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Wonderware Intouch Access Anywhere
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2016-4862 HIGH PATCH This Week

Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE PHP Cs Cart
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-6616 HIGH This Week

A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Integrated Management Controller Supervisor
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2016-1218 HIGH This Week

SQL injection vulnerability in Cybozu Garoon before 4.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Garoon
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-6619 HIGH This Week

A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Integrated Management Controller Supervisor
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-6607 HIGH This Week

A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 3.0
8.7
EPSS
1.0%
CVE-2017-5156 HIGH This Week

A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Schneider Electric Wonderware Intouch Access Anywhere
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2016-5401 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Red Hat Jboss Bpm Suite Jboss Enterprise Brms Platform
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-3734 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF PHP Moodle
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-3863 HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco iOS +1
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-3862 HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco iOS +1
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-3861 HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco iOS +1
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-3860 HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco iOS +1
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-6608 HIGH This Week

A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 3.0
8.6
EPSS
0.4%
CVE-2016-6368 HIGH This Week

A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco VMware Secure Firewall Management Center
NVD
CVSS 3.0
8.6
EPSS
0.2%
CVE-2016-4850 HIGH This Week

LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Authentication Bypass Line
NVD
CVSS 3.0
8.1
EPSS
2.2%
CVE-2017-2806 MEDIUM POC This Month

An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Perceptive Document Filters
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-1161 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Zoho Password Manager Pro
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2017-6609 HIGH This Week

A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 3.0
7.7
EPSS
0.8%
CVE-2016-4650 HIGH This Week

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Iphone Os +2
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-6610 HIGH This Week

A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 3.0
7.7
EPSS
0.6%
CVE-2017-6919 HIGH PATCH This Week

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Authentication Bypass Drupal
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-3808 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Unified Communications Manager
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-6337 HIGH PATCH This Week

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mediawiki
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-6335 HIGH PATCH This Week

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Mediawiki
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5409 HIGH This Week

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6332 HIGH PATCH This Week

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mediawiki
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6331 HIGH PATCH This Week

ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP Mediawiki
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-1122 HIGH This Week

IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Code Injection IBM Security Guardium
NVD
CVSS 3.0
7.4
EPSS
0.0%
CVE-2016-7526 MEDIUM PATCH This Month

coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
3.6%
CVE-2016-7530 MEDIUM PATCH This Month

The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2016-7521 MEDIUM PATCH This Month

Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2016-7538 MEDIUM PATCH This Month

coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2016-7536 MEDIUM PATCH This Month

magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2016-7514 MEDIUM PATCH This Month

The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2016-7532 MEDIUM PATCH This Month

coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy