Skip to main content
CVE-2017-11394 CRITICAL POC PATCH THREAT Act Now

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.7%.

RCE Trend Micro Command Injection PHP Officescan
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.7%
Threat
5.9
CVE-2017-11391 HIGH POC THREAT Act Now

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.4%.

RCE Trend Micro Command Injection Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.0
8.8
EPSS
81.4%
Threat
5.7
CVE-2017-11392 HIGH POC THREAT Act Now

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.9%.

RCE Trend Micro Command Injection Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.0
8.8
EPSS
73.9%
Threat
5.5
CVE-2017-7442 HIGH POC THREAT Act Now

Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.3%.

Path Traversal RCE Nitro Pro
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
70.3%
Threat
5.4
CVE-2017-11721 CRITICAL POC PATCH Act Now

Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Ioquake3
NVD GitHub
CVSS 3.0
9.8
EPSS
3.2%
CVE-2017-11105 CRITICAL POC Act Now

The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Primary Bootloader
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-12414 CRITICAL POC Act Now

Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Format Factory
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-11393 CRITICAL PATCH Act Now

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Trend Micro Command Injection PHP Officescan
NVD
CVSS 3.0
9.8
EPSS
8.4%
CVE-2017-11320 MEDIUM POC This Month

Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tc7337 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-11382 HIGH PATCH This Week

Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Denial Of Service Trend Micro Information Disclosure Deep Discovery Email Inspector
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-1504 MEDIUM This Month

IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-1327 MEDIUM PATCH This Month

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1199 MEDIUM PATCH This Month

IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Master Data Management Server
NVD
CVSS 3.0
5.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy