Skip to main content
CVE-2012-2576 CRITICAL POC THREAT Emergency

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 41.1%.

SQLi Backup Profiler Storage Manager Storage Profiler
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
41.1%
Threat
4.7
CVE-2017-17790 CRITICAL POC Act Now

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ruby
NVD GitHub
CVSS 3.0
9.8
EPSS
4.7%
CVE-2017-17777 CRITICAL POC Act Now

Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Paid To Read Script
NVD GitHub
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-6094 CRITICAL POC Act Now

CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gaps
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-17779 CRITICAL POC Act Now

Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Paid To Read Script
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-16725 CRITICAL Act Now

A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ahb7008F8 H Firmware Ahb7008F4 H Firmware Ahb7008F2 H Firmware Ahb7008T Mh V2 Firmware +132
NVD
CVSS 3.0
9.8
EPSS
8.5%
CVE-2017-17794 CRITICAL PATCH Act Now

validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP Blogotext
NVD GitHub
CVSS 3.0
9.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy