Skip to main content
CVE-2017-11394 CRITICAL POC PATCH THREAT Act Now

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.7%.

RCE Trend Micro Command Injection PHP Officescan
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.7%
Threat
5.9
CVE-2017-11721 CRITICAL POC PATCH Act Now

Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Ioquake3
NVD GitHub
CVSS 3.0
9.8
EPSS
3.2%
CVE-2017-11105 CRITICAL POC Act Now

The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Primary Bootloader
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-12414 CRITICAL POC Act Now

Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Format Factory
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-11393 CRITICAL PATCH Act Now

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Trend Micro Command Injection PHP Officescan
NVD
CVSS 3.0
9.8
EPSS
8.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy