Skip to main content
CVE-2017-11281 CRITICAL POC PATCH THREAT Act Now

Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.9%.

Buffer Overflow RCE Adobe Flash Player Enterprise Linux Desktop +2
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
60.9%
Threat
5.3
CVE-2017-11282 CRITICAL POC THREAT Emergency

Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.7%.

Buffer Overflow RCE Adobe Flash Player Enterprise Linux Desktop +2
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
20.7%
Threat
4.1
CVE-2017-11284 CRITICAL PATCH Act Now

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.9%.

Deserialization Adobe Coldfusion
NVD
CVSS 3.1
9.8
EPSS
23.9%
CVE-2017-11283 CRITICAL PATCH Act Now

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.9%.

Deserialization Adobe Coldfusion
NVD
CVSS 3.1
9.8
EPSS
23.9%
CVE-2017-13664 CRITICAL POC Act Now

Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cubeone Firmware
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-10903 CRITICAL Act Now

Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ptw Wms1 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2017-15702 CRITICAL PATCH Act Now

In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Qpid Broker J
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2017-10861 CRITICAL Act Now

Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Qnd Advance Standard
NVD
CVSS 3.0
9.1
EPSS
6.5%
CVE-2017-10902 CRITICAL Act Now

PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ptw Wms1 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-17086 CRITICAL Act Now

Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Otter
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-15607 CRITICAL Act Now

Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Otter
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-10900 CRITICAL Act Now

PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ptw Wms1 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-10899 CRITICAL Act Now

SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi A Reserve
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-10898 CRITICAL Act Now

SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi A Member
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-14487 CRITICAL Act Now

The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Authentication Bypass Ohmibod Remote
NVD
CVSS 3.0
9.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy