Skip to main content
CVE-2017-11517 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 37.0%.

Buffer Overflow RCE Gcore
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
37.0%
Threat
4.6
CVE-2017-11519 CRITICAL POC THREAT Emergency

passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.

TP-Link Information Disclosure Archer C9 2 0 Firmware
NVD
CVSS 3.0
9.8
EPSS
13.2%
CVE-2017-9980 CRITICAL POC Act Now

In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dx 350 Firmware
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2017-9932 CRITICAL POC Act Now

Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dx 350 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-7480 CRITICAL Act Now

rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rootkit Hunter
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2015-3886 CRITICAL PATCH Act Now

libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libinfinity
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-7540 CRITICAL PATCH Act Now

rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Safemode
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy