Skip to main content
CVE-2017-17968 CRITICAL POC THREAT Emergency

A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 54.6%.

Buffer Overflow RCE Nettransport Download Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
54.6%
Threat
5.1
CVE-2017-17974 CRITICAL POC Act Now

BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bas920 Firmware Isc2000 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2014-9515 CRITICAL Act Now

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Dozer
NVD GitHub
CVSS 3.1
9.8
EPSS
5.4%
CVE-2014-4914 CRITICAL Act Now

The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zend Framework Debian Linux
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2014-0121 CRITICAL PATCH Act Now

The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Hawtio Jboss Fuse
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2014-3630 CRITICAL Act Now

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Java Play Framework
NVD
CVSS 3.0
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy