Skip to main content
CVE-2017-7283 HIGH POC THREAT Act Now

An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.6%.

PHP Information Disclosure Enterprise Backup
NVD
CVSS 3.0
8.8
EPSS
16.6%
CVE-2017-7692 HIGH POC THREAT Act Now

SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

RCE PHP Squirrelmail
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
15.5%
CVE-2015-8285 HIGH POC THREAT Act Now

The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.3%.

Buffer Overflow Denial Of Service Total Security
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
10.3%
CVE-2017-2784 HIGH POC This Week

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE
NVD VulDB
CVSS 3.0
8.1
EPSS
3.1%
CVE-2016-4293 HIGH POC This Week

Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft Hancom Office 2014
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2016-4862 HIGH PATCH This Week

Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE PHP Cs Cart
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-6616 HIGH This Week

A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Integrated Management Controller Supervisor
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2016-1218 HIGH This Week

SQL injection vulnerability in Cybozu Garoon before 4.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Garoon
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-6619 HIGH This Week

A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Integrated Management Controller Supervisor
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-6607 HIGH This Week

A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 3.0
8.7
EPSS
1.0%
CVE-2017-5156 HIGH This Week

A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Schneider Electric Wonderware Intouch Access Anywhere
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2016-5401 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Red Hat Jboss Bpm Suite Jboss Enterprise Brms Platform
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-3734 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF PHP Moodle
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-3863 HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco iOS +1
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-3862 HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco iOS +1
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-3861 HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco iOS +1
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-3860 HIGH This Week

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco iOS +1
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-6608 HIGH This Week

A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 3.0
8.6
EPSS
0.4%
CVE-2016-6368 HIGH This Week

A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco VMware Secure Firewall Management Center
NVD
CVSS 3.0
8.6
EPSS
0.2%
CVE-2016-4850 HIGH This Week

LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Authentication Bypass Line
NVD
CVSS 3.0
8.1
EPSS
2.2%
CVE-2016-1161 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Zoho Password Manager Pro
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2017-6609 HIGH This Week

A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 3.0
7.7
EPSS
0.8%
CVE-2016-4650 HIGH This Week

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Iphone Os +2
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-6610 HIGH This Week

A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 3.0
7.7
EPSS
0.6%
CVE-2017-6919 HIGH PATCH This Week

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Authentication Bypass Drupal
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-3808 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Unified Communications Manager
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-6337 HIGH PATCH This Week

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mediawiki
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-6335 HIGH PATCH This Week

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Mediawiki
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5409 HIGH This Week

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6332 HIGH PATCH This Week

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mediawiki
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6331 HIGH PATCH This Week

ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP Mediawiki
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-1122 HIGH This Week

IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Code Injection IBM Security Guardium
NVD
CVSS 3.0
7.4
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy