Skip to main content
CVE-2017-6316 CRITICAL POC KEV THREAT Emergency

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Citrix Information Disclosure
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
87.8%
Threat
7.6
CVE-2017-11467 CRITICAL POC PATCH THREAT Act Now

OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.3%.

Privilege Escalation Orientdb
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
76.3%
Threat
5.7
CVE-2017-11502 CRITICAL POC THREAT Emergency

Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.3%.

Information Disclosure Dpc3928Ad Docsis Wireless Router Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.3%
CVE-2017-11495 CRITICAL POC Act Now

PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE K2 Psg1218 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-11471 CRITICAL POC Act Now

IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Uptime Infrastructure Monitor
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-11470 CRITICAL POC Act Now

IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Uptime Infrastructure Monitor
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-7062 CRITICAL Act Now

An issue was discovered in certain Apple products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Iphone Os +3
NVD
CVSS 3.0
9.8
EPSS
4.8%
CVE-2017-9785 CRITICAL PATCH Act Now

Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization CSRF RCE Nancy
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-6531 CRITICAL Act Now

On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coaxdata Gateway 1Gbps Firmware
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-6532 CRITICAL Act Now

Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coaxdata Gateway 1Gbps Firmware
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-6530 CRITICAL Act Now

Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Coaxdata Gateway 1Gbps Firmware
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-11474 CRITICAL PATCH Act Now

GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Glpi
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy