Skip to main content
CVE-2017-11317 CRITICAL POC KEV THREAT Emergency

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

RCE
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
91.8%
Threat
7.7
CVE-2017-11357 CRITICAL POC KEV THREAT Emergency

Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

RCE File Upload
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
93.9%
Threat
7.8
CVE-2017-12965 CRITICAL POC THREAT Emergency

Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.2%.

Session Fixation Information Disclosure Apache2Triad
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
22.2%
Threat
4.1
CVE-2017-13137 CRITICAL POC Act Now

The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Formcraft
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2015-5224 CRITICAL PATCH Act Now

The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Util Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2017-13139 CRITICAL PATCH Act Now

In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Imagemagick Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2017-12858 CRITICAL PATCH Act Now

Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libzip
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2017-12791 CRITICAL PATCH GHSA Act Now

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Salt
NVD GitHub
CVSS 3.0
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy