Skip to main content
CVE-2014-9118 HIGH POC THREAT Act Now

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.3%.

Command Injection Znid 2426A Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
52.3%
Threat
4.8
CVE-2015-7806 CRITICAL POC THREAT Emergency

Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

RCE WordPress PHP Command Injection Form Manager
NVD
CVSS 3.0
9.8
EPSS
13.9%
CVE-2014-8357 HIGH POC THREAT Act Now

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.3%.

Authentication Bypass Znid 2426A Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
18.3%
CVE-2017-15539 CRITICAL POC Act Now

SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zorovavi Blog
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-15565 HIGH POC This Week

In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Poppler Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-13082 HIGH POC This Week

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD GitHub
CVSS 3.0
8.1
EPSS
0.7%
CVE-2017-3761 CRITICAL PATCH Act Now

The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Google Command Injection Lenovo Service Framework
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2017-3758 CRITICAL PATCH Act Now

Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Google Lenovo Service Framework
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2014-2664 HIGH This Week

Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload X2Crm
NVD
CVSS 3.0
8.8
EPSS
6.9%
CVE-2017-13999 CRITICAL Act Now

A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Levi Studio Hmi Editor
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2014-9487 CRITICAL Act Now

The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Mediawiki
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2014-9733 CRITICAL Act Now

nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nw Js
NVD GitHub
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-8805 CRITICAL PATCH Act Now

Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Debian Ftpsync
NVD
CVSS 3.0
9.1
EPSS
0.3%
CVE-2014-8324 HIGH PATCH This Week

network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Aircrack Ng
NVD GitHub
CVSS 3.0
7.5
EPSS
7.9%
CVE-2014-8323 HIGH PATCH This Week

buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Aircrack Ng
NVD GitHub
CVSS 3.0
7.5
EPSS
7.9%
CVE-2014-9489 HIGH PATCH This Week

The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Authentication Bypass Gollum Gollum Lib Grit Adapter
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2017-14005 HIGH This Week

An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Multiflex M10A Controller Firmware
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-14011 HIGH This Week

A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Multiflex M10A Controller Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-9625 HIGH This Week

An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envidas Ultimate
NVD
CVSS 3.0
8.2
EPSS
1.3%
CVE-2017-3759 HIGH PATCH This Week

The Lenovo Service Framework Android application accepts some responses from the server without proper validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Google Lenovo Service Framework
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2017-3760 HIGH PATCH This Week

The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Google Lenovo Service Framework
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2017-5531 HIGH This Week

Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Managed File Transfer Command Center Managed File Transfer Internet Server
NVD
CVSS 3.0
8.0
EPSS
0.5%
CVE-2017-6273 HIGH This Week

NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nvidia Adsp Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9697 HIGH This Week

Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Usg9560 Firmware Usg9520 Firmware Usg9580 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2014-2277 HIGH This Week

The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Perltidy
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2017-13084 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay,. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
6.8
EPSS
1.2%
CVE-2017-13077 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay,. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
6.8
EPSS
0.7%
CVE-2017-13086 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay,. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2017-14009 MEDIUM This Month

An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Multiflex M10A Controller Firmware
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2014-9678 MEDIUM This Month

FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to conduct content-spoofing attacks via the Swfile parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flexpaper
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2014-9677 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the Swfile parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Flexpaper
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14013 MEDIUM This Month

A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Multiflex M10A Controller Firmware
NVD
CVSS 3.0
5.6
EPSS
0.3%
CVE-2017-14007 MEDIUM This Month

An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Multiflex M10A Controller Firmware
NVD
CVSS 3.0
5.6
EPSS
0.2%
CVE-2017-13087 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame,. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2017-15537 MEDIUM PATCH This Month

The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-15538 MEDIUM PATCH This Month

Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ilias
NVD GitHub
CVSS 3.0
5.4
EPSS
0.4%
CVE-2017-13080 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2017-13078 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2017-13088 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-13079 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-13081 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
5.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy