Skip to main content
CVE-2017-11715 CRITICAL POC Act Now

job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Metinfo
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-11720 CRITICAL POC Act Now

There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lame
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-11645 CRITICAL Act Now

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 4Gt101W Software 4Gt101W Bootloader
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-11184 CRITICAL Act Now

SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Glpi
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-4919 CRITICAL Act Now

VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

VMware Authentication Bypass Vcenter Server
NVD
CVSS 3.0
9.0
EPSS
0.9%
CVE-2017-11694 CRITICAL Act Now

MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Medhost Document Management System
NVD
CVSS 3.0
9.1
EPSS
0.2%
CVE-2017-11693 CRITICAL Act Now

MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Medhost Document Management System
NVD
CVSS 3.0
9.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy