Skip to main content
CVE-2017-9769 CRITICAL POC THREAT Emergency

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.8%.

Information Disclosure Synapse
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
77.8%
Threat
5.8
CVE-2015-2560 CRITICAL POC THREAT Emergency

Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.4%.

Privilege Escalation Manageengine Desktop Central
NVD
CVSS 3.0
9.8
EPSS
20.4%
Threat
4.1
CVE-2017-11494 CRITICAL POC Act Now

SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sol Connect Iset Mpp Meter Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.8%
CVE-2017-12199 CRITICAL POC Act Now

The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Ultimate Product Catalog
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-8390 CRITICAL Act Now

The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.4% and no vendor patch available.

RCE Paloalto Pan Os
NVD
CVSS 3.0
9.8
EPSS
11.4%
CVE-2017-11389 CRITICAL PATCH Act Now

Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Trend Micro RCE Control Manager
NVD
CVSS 3.0
9.8
EPSS
7.2%
CVE-2017-11386 CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2017-11385 CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2017-11384 CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2017-11383 CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2015-1174 CRITICAL Act Now

Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Teta Web
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-1383 CRITICAL Act Now

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Infosphere Information Server
NVD
CVSS 3.0
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy