Skip to main content
CVE-2015-8351 CRITICAL POC THREAT Emergency

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 69.4%.

Path Traversal Code Injection RCE PHP WordPress +1
NVD Exploit-DB
CVSS 3.0
9.0
EPSS
69.4%
Threat
5.4
CVE-2015-4523 CRITICAL POC Act Now

Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files,. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Privilege Escalation Malware Analysis Appliance Malware Analyzer G2
NVD Exploit-DB
CVSS 3.0
9.3
EPSS
5.5%
CVE-2017-14269 CRITICAL POC Act Now

EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 4Gee Wifi Mbb Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-14252 CRITICAL POC Act Now

SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14247 CRITICAL POC Act Now

SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2015-4689 CRITICAL Act Now

Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Banner Student
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-14265 CRITICAL PATCH Act Now

A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Libraw
NVD GitHub
CVSS 3.0
9.8
EPSS
0.9%
CVE-2015-7877 CRITICAL PATCH Act Now

Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi User Dashboard
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-7649 CRITICAL Act Now

The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kura
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-14242 CRITICAL PATCH Act Now

SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-14238 CRITICAL PATCH Act Now

SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy