Skip to main content
CVE-2015-2780 CRITICAL POC PATCH THREAT Act Now

Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.9%.

RCE File Upload Berta Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
31.9%
Threat
4.4
CVE-2014-9148 CRITICAL POC THREAT Emergency

Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.2%.

Authentication Bypass Fiyo Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.2%
Threat
4.2
CVE-2015-7687 CRITICAL POC THREAT Emergency

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Denial Of Service Memory Corruption Use After Free RCE Opensmtpd +1
NVD
CVSS 3.0
9.8
EPSS
10.1%
CVE-2017-15376 CRITICAL POC Act Now

The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Mobaxterm
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2014-8621 CRITICAL POC Act Now

SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Store Locator
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-15373 CRITICAL POC Act Now

E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Sic
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
0.6%
CVE-2015-4650 CRITICAL Act Now

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Aruba Clearpass Policy Manager
NVD
CVSS 3.0
9.8
EPSS
5.5%
CVE-2017-14952 CRITICAL PATCH Act Now

Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE International Components For Unicode
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2017-15293 CRITICAL Act Now

Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Point Of Sale Xpress Server
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-15295 CRITICAL Act Now

Xpress Server in SAP POS does not require authentication for read/write/delete file access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Point Of Sale Xpress Server
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-9367 CRITICAL Act Now

A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Workspaces Vapp Workspaces Appliance X
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2014-3702 CRITICAL Act Now

Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Edeploy
NVD GitHub
CVSS 3.0
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy