Skip to main content
CVE-2017-14322 CRITICAL POC THREAT Emergency

The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.1%.

Authentication Bypass PHP Email Marketer
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
26.1%
Threat
4.2
CVE-2017-15579 CRITICAL POC Act Now

In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Melody
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-5739 CRITICAL PATCH Act Now

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.9%.

Request Smuggling Information Disclosure Go Fedora Enterprise Linux Server +3
NVD GitHub
CVSS 3.0
9.8
EPSS
11.9%
CVE-2015-5740 CRITICAL PATCH Act Now

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Go Fedora Enterprise Linux Server +3
NVD GitHub
CVSS 3.0
9.8
EPSS
4.3%
CVE-2015-5376 CRITICAL Act Now

SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Winpat Portal
NVD
CVSS 3.0
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy