Skip to main content
CVE-2017-2805 CRITICAL POC Act Now

An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption C1 Hd Indoor Camera Firmware
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2017-4989 CRITICAL Act Now

In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Avamar Server
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2017-4990 CRITICAL Act Now

In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avamar Server
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-6050 CRITICAL Act Now

A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Integraxor
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-9771 CRITICAL PATCH Act Now

install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Websitebaker
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-8731 CRITICAL Act Now

Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass C1 Webcam Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy