Skip to main content
CVE-2017-16934 CRITICAL POC THREAT Emergency

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.4%.

Command Injection Web Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
18.4%
Threat
4.0
CVE-2017-16935 CRITICAL POC Act Now

Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ametys
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
7.1%
CVE-2017-16939 HIGH POC PATCH THREAT Act Now

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel +1
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
10.2%
CVE-2017-16933 HIGH POC This Week

etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Information Disclosure Icinga
NVD GitHub
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-16936 MEDIUM POC This Month

Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tenda Ac9 Firmware Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
0.8%
CVE-2016-10700 HIGH PATCH This Week

auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Cacti
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-16938 HIGH PATCH This Week

A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Optipng
NVD
CVSS 3.0
7.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy