Skip to main content
CVE-2013-6924 CRITICAL POC THREAT Emergency

Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 48.4%.

PHP Command Injection Blackarmor Nas 220 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
48.4%
Threat
4.9
CVE-2017-5791 CRITICAL Emergency

The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 64.3% and no vendor patch available.

Authentication Bypass Intelligent Management Center Plat
NVD
CVSS 3.0
9.8
EPSS
64.3%
CVE-2017-5789 CRITICAL Emergency

HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.9% and no vendor patch available.

Buffer Overflow RCE Loadrunner Performance Center
NVD
CVSS 3.0
9.8
EPSS
33.9%
CVE-2017-15220 CRITICAL POC THREAT Emergency

Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Buffer Overflow RCE Vx Search
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
12.4%
CVE-2017-0903 CRITICAL PATCH Act Now

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Rubygems Debian Linux Ubuntu Linux +6
NVD GitHub
CVSS 3.0
9.8
EPSS
5.5%
CVE-2017-14003 CRITICAL Act Now

An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ether Serial Link Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy