Skip to main content
CVE-2017-11444 CRITICAL POC THREAT Emergency

Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 79.3%.

SQLi PHP Subrion Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
79.3%
Threat
5.8
CVE-2017-11435 CRITICAL POC THREAT Emergency

The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.7%.

Authentication Bypass Information Disclosure Hg100R Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
19.7%
Threat
4.1
CVE-2017-11445 CRITICAL POC Act Now

Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Subrion Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-7977 CRITICAL Act Now

The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Elux
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2016-6798 CRITICAL PATCH Act Now

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XSS Apache SSRF XXE Information Disclosure +1
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-11436 CRITICAL Act Now

D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 615
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2017-11465 CRITICAL PATCH Act Now

The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Ruby
NVD
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy