Skip to main content
CVE-2017-14143 CRITICAL POC THREAT Emergency

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.4%.

Authentication Bypass PHP Kaltura Server
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
77.4%
Threat
5.8
CVE-2014-9618 CRITICAL POC THREAT Emergency

The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.2%.

Authentication Bypass Netsweeper
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
68.2%
Threat
5.5
CVE-2014-8684 CRITICAL POC PATCH THREAT Act Now

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 44.8%.

Code Injection PHP Codeigniter Kohana
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
44.8%
Threat
4.8
CVE-2014-8686 CRITICAL POC THREAT Emergency

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.0%.

PHP Information Disclosure Codeigniter
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
34.0%
Threat
4.5
CVE-2015-4683 CRITICAL POC THREAT Emergency

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.3%.

Privilege Escalation Realpresence Resource Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
34.3%
Threat
4.5
CVE-2014-9611 CRITICAL POC THREAT Emergency

Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.

Authentication Bypass PHP Netsweeper
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
28.6%
Threat
4.3
CVE-2017-6315 CRITICAL POC Act Now

Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Astaro Security Gateway Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
9.4%
CVE-2015-3431 CRITICAL Act Now

Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Pydio
NVD
CVSS 3.0
9.8
EPSS
6.2%
CVE-2014-8174 CRITICAL Act Now

eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Edeploy
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
CVE-2017-10700 CRITICAL Act Now

In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Information Disclosure Qts
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-12883 CRITICAL PATCH Act Now

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Perl
NVD
CVSS 3.0
9.1
EPSS
4.7%
CVE-2017-10930 CRITICAL Act Now

The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Zxr10 1800 2S Firmware Zxr10 2800 4 Firmware Zxr10 3800 8 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy