Skip to main content
CVE-2017-17932 CRITICAL POC THREAT Emergency

A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.4%.

Buffer Overflow RCE Denial Of Service Allmediaserver
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
77.4%
Threat
5.8
CVE-2017-5641 CRITICAL PATCH Act Now

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 48.5%.

Deserialization Java Apache RCE Flex Blazeds +1
NVD
CVSS 3.1
9.8
EPSS
48.5%
CVE-2014-8389 CRITICAL POC THREAT Emergency

cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.0%.

Command Injection Bu 3026 Firmware Md 3025 Firmware Wl 2000Cam Firmware Poe 200Cam V2 Firmware +1
NVD
CVSS 3.0
9.8
EPSS
14.0%
CVE-2017-17959 CRITICAL POC Act Now

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17957 CRITICAL POC Act Now

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-17951 CRITICAL POC Act Now

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Multivendor Ecommerce
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy