Skip to main content
CVE-2016-8584 CRITICAL POC Act Now

Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Authentication Bypass Threat Discovery Appliance
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2016-8585 HIGH POC This Week

admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
7.3%
CVE-2017-7895 CRITICAL PATCH Act Now

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.5%.

Buffer Overflow Linux Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
21.5%
CVE-2016-8593 HIGH POC This Week

Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Trend Micro RCE Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
4.6%
CVE-2016-8592 HIGH POC This Week

log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8591 HIGH POC This Week

log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8590 HIGH POC This Week

log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8589 HIGH POC This Week

log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8586 HIGH POC This Week

detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8588 HIGH POC This Week

The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Authentication Bypass Threat Discovery Appliance
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2016-8587 HIGH POC This Week

dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Authentication Bypass Threat Discovery Appliance
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2017-2096 CRITICAL PATCH Act Now

smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Smalruby Editor
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2017-2142 CRITICAL Act Now

Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wn G300R3 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2017-2149 HIGH This Week

Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flashair
NVD
CVSS 3.0
8.8
EPSS
7.5%
CVE-2017-2119 HIGH PATCH This Week

Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Wbce Cms
NVD
CVSS 3.0
8.6
EPSS
7.4%
CVE-2017-2112 HIGH This Week

TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Ts Ptcam Poe Firmware Ts Ptcam Firmware Ts Wrlc Firmware Ts Wlc2 Firmware +3
NVD
CVSS 3.0
8.8
EPSS
3.7%
CVE-2017-2113 HIGH This Week

Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ts Ptcam Poe Firmware Ts Ptcam Firmware Ts Wrlc Firmware Ts Wlc2 Firmware +3
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2017-2155 HIGH PATCH This Week

Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Hoozin Viewer
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2017-2125 HIGH This Week

Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Centrecom Ar260S V2 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2017-2128 HIGH This Week

Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Introduction To Safe Website Operation
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2017-2140 HIGH This Week

Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tablacus Explorer
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-1194 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Websphere Application Server
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-2102 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Appgoat
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-2097 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Knowledge
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-6250 HIGH PATCH This Week

NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

RCE Nvidia Geforce Experience
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-2156 HIGH PATCH This Week

Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Vivaldi Installer For Windows
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-2108 HIGH This Week

Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Primedrive Desktop Application
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-2107 HIGH This Week

Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 7 Zip32 Dll
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-2130 HIGH This Week

Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phishwall Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2017-2154 HIGH This Week

Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Hanako Hanako Police Hanako Pro +6
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-2153 HIGH This Week

SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service X86 Fuji Firmware Bpv 4 Firmware X1 Firmware X2 Firmware +1
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-2120 HIGH PATCH This Week

SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi Wbce Cms
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2017-2101 HIGH This Week

Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Appgoat
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2017-2141 HIGH This Week

WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wn G300R3 Firmware
NVD
CVSS 3.0
7.2
EPSS
0.5%
CVE-2017-2090 MEDIUM This Month

Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cubecart
NVD
CVSS 3.0
6.5
EPSS
3.4%
CVE-2016-7842 MEDIUM This Month

Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Attachecase
NVD
CVSS 3.0
5.5
EPSS
6.9%
CVE-2017-2152 MEDIUM This Month

WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wnc01Wh Firmware
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2016-7843 MEDIUM This Month

Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java Attachecase For Java Attachecase Lite Attachecase Pro
NVD
CVSS 3.0
5.5
EPSS
6.6%
CVE-2017-2098 MEDIUM PATCH This Month

Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Cubecart
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2017-2099 MEDIUM This Month

Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Appgoat
NVD
CVSS 3.0
6.3
EPSS
0.4%
CVE-2017-2100 MEDIUM This Month

Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appgoat
NVD
CVSS 3.0
6.3
EPSS
0.3%
CVE-2017-2136 MEDIUM This Month

Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Statistics
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2017-2147 MEDIUM This Month

Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Statistics
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-2106 MEDIUM PATCH This Month

Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webmin
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-2111 MEDIUM This Month

HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ts Ptcam Poe Firmware Ts Ptcam Firmware Ts Wrlc Firmware Ts Wlc2 Firmware +3
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-2135 MEDIUM This Month

Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Statistics
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-2123 MEDIUM PATCH This Month

Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Onethird Cms
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-2118 MEDIUM PATCH This Month

Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wbce Cms
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-2134 MEDIUM This Month

Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Assetbase
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-2124 MEDIUM PATCH This Month

Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Onethird Cms
NVD
CVSS 3.0
6.1
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy