Skip to main content
CVE-2017-14421 CRITICAL POC Act Now

D-Link DIR-850L REV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 850L Firmware
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2017-14429 CRITICAL POC Act Now

The DHCP client on D-Link DIR-850L REV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP D-Link Command Injection Dir 850L Firmware
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2017-14417 CRITICAL POC Act Now

register_send.php on D-Link DIR-850L REV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass PHP Dir 850L Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2017-14403 CRITICAL POC Act Now

The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14402 CRITICAL POC Act Now

The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14401 CRITICAL POC Act Now

The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eyesofnetwork
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8686 CRITICAL PATCH Act Now

The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Microsoft Windows Server 2012 Windows Server 2016
NVD
CVSS 3.0
9.8
EPSS
8.1%
CVE-2015-5206 CRITICAL Act Now

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2015-5168 CRITICAL Act Now

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2017-11462 CRITICAL PATCH Act Now

Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kerberos 5 Fedora
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-11351 CRITICAL Act Now

Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mu553S Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-12249 CRITICAL Act Now

A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Meeting Server
NVD
CVSS 3.0
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy