Skip to main content
CVE-2017-17849 CRITICAL POC THREAT Emergency

A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.1%.

Buffer Overflow RCE Getgo Download Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
35.1%
Threat
4.5
CVE-2017-17870 CRITICAL POC Act Now

The JBuildozer extension 1.4.1 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jbuildozer
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.1%
CVE-2017-17875 CRITICAL POC Act Now

The JEXTN FAQ Pro extension 4.0.0 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jextn Faq Pro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-17873 CRITICAL POC Act Now

Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Marketplace Digital Products Php
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-17872 CRITICAL POC Act Now

The JEXTN Video Gallery extension 3.0.5 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jextn Video Gallery
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-17871 CRITICAL POC Act Now

The "JEXTN Question And Answer" extension 3.1.0 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jextn Question And Answer
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-17931 CRITICAL POC Act Now

PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Resume Clone Script
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17928 CRITICAL POC Act Now

PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Professional Service Script
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17906 CRITICAL POC Act Now

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Car Rental Script
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17895 CRITICAL POC Act Now

Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Basic Job Site Script
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17892 CRITICAL POC Act Now

Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Readymade Video Sharing Script
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-9944 CRITICAL Act Now

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure 7Kt Pac1200 Data Manager Firmware
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2015-7669 CRITICAL Act Now

Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress PHP Easy2Map
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2017-17877 CRITICAL Act Now

An issue was discovered in Valve Steam Link build 643. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Steam Link Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2015-6237 CRITICAL Act Now

The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ip360
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-17900 CRITICAL PATCH Act Now

SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-17899 CRITICAL PATCH Act Now

SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-17897 CRITICAL PATCH Act Now

SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-17878 CRITICAL PATCH Act Now

An issue was discovered in Valve Steam Link build 643. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Steam Link Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy