Skip to main content
CVE-2017-12478 CRITICAL POC THREAT Emergency

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Authentication Bypass Unitrends Backup
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
81.6%
Threat
5.9
CVE-2017-12477 CRITICAL POC THREAT Emergency

It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.0%.

Authentication Bypass Unitrends Backup
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
76.0%
Threat
5.7
CVE-2015-7871 CRITICAL POC THREAT Emergency

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 79.6%.

Authentication Bypass Ntp Debian Linux Oncommand Balance Oncommand Performance Manager +3
NVD
CVSS 3.1
9.8
EPSS
79.6%
Threat
5.8
CVE-2015-7853 CRITICAL PATCH Act Now

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 40.6%.

Buffer Overflow RCE Denial Of Service Ntp Oncommand Balance +4
NVD
CVSS 3.1
9.8
EPSS
40.6%
CVE-2015-7705 CRITICAL Emergency

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.0% and no vendor patch available.

Information Disclosure Ntp Oncommand Performance Manager Oncommand Unified Manager Clustered Data Ontap +4
NVD
CVSS 3.1
9.8
EPSS
31.0%
CVE-2017-6747 CRITICAL Act Now

A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Identity Services Engine
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2017-7928 CRITICAL Act Now

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sel 3620 Firmware Sel 3622 Firmware
NVD
CVSS 3.0
10.0
EPSS
0.5%
CVE-2017-12650 CRITICAL Act Now

SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Loginizer
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-12567 CRITICAL Act Now

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Kace Asset Management Appliance Kace Systems Management Appliance K1000 As A Service
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-5244 CRITICAL PATCH Act Now

The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Mod Nss
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-9632 CRITICAL Act Now

A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Laserwash G5 Firmware Laserwash G5 S Firmware Laserwash M5 Firmware Laserwash 360 Firmware +7
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-9630 CRITICAL Act Now

An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Laserwash G5 Firmware Laserwash G5 S Firmware Laserwash M5 Firmware Laserwash 360 Firmware +7
NVD
CVSS 3.0
9.4
EPSS
0.2%
CVE-2015-1555 CRITICAL Act Now

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zend Framework
NVD
CVSS 3.0
9.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy