Ripple20 Treck TCP/IP Stack Vulnerabilities
Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. A summary of JSOF’s research is here, along with a technical whitepaper. See the Rapid7 Analysis tab for further...
CVE-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Recent assessments: Assessed Attacker Value: 0...
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. Recent assessments: ANHKWAR at Ma...
CVE-2021-42321
Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: gwillcox-r7 at November 21, 2021 5:55pm UTC reported: A PoC for this vulnerability is now available at https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398. There is also a Metasploit module at...
CVE-2020-17087 Windows Kernel local privilege escalation 0day
Windows Kernel Local Elevation of Privilege Vulnerability Recent assessments: zeroSteiner at October 30, 2020 9:13pm UTC reported: An error exists within cng!CfgAdtpFormatPropertyBlock where buffer is allocated from a value that is truncated to be 16-bits. The function then goes on and performs a...
CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. Recent assessments: surajpnadey at July 16, 2025 4:53pm UTC...
CVE-2020-12440
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none Recent assessments: gwillcox-r7 at April 06, 2021 7:24pm UTC reported: At the very least I’d debate the...
CVE-2022-34538
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/bia/addacph.cgi. This vulnerability is exploitable via a crafted POST request...
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Recent assessments: gwillcox-r7 at November 29, 2021 4:33pm UTC reported: This is an interesting bug that allows one to...
CVE-2020-35234
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file such as debuglog.txt that contains all password-reset link...
CVE-2022-27924
Zimbra Collaboration aka ZCS 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands become unescaped, causing an overwrite of arbitrary cached entries. Recent assessments: rbowes-r7 at August 16, 2022 8:10pm UTC...
CVE-2021-28169
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
CVE-2017-11882
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka “Microsoft Office Memory...
CVE-2021-25298
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...
CVE-2020-14882 — Unauthenticated RCE in Console component of Oracle WebLogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...
CVE-2021-21551
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. Recent assessments: jbaines-r7 at October 25, 2021 8:11pm UTC reported: Description...
CVE-2022-24990
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending “User-Agent: TNAS” to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. Recent assessments: cbeek-r7 at July 26, 2024 7:31pm UTC reported: A July 2024 bullet...
SonicWall SMA 100 Series 10.x Firmware Zero-Day Vulnerability
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform a SQL query to access username, password and other session related information. This vulnerability impacts SMA100 build version 10.x. Recent assessments: wvu-r7 at February 04, 20...
CVE-2022-37042
Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...
CVE-2021-34481
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...
CVE-2020-1048: Windows Print Spooler Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka ‘Windows Print Spooler Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1070. Recent assessments: bwatters-r7 at May 14, 2020...
CVE-2022-40734
UniSharp laravel-filemanager aka Laravel Filemanager before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0...
CVE-2021-24085
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-1730. Recent assessments: bwatters-r7 at March 03, 2021 1:51pm UTC reported: This attack is super useful to gain privileged access to an Exchange server. Given the ubiquity of the target, its remote nature, the...
CVE-2017-5963
An issue was discovered in caddy for TYPO3 before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the “paymillToken” HTTP POST parameter passed to the “caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php” URL. An attacker could execute...
CVE-2020-0787 Windows BITS Privesc
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka ‘Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability’. Recent assessments: gwillcox-r7 at June 10, 2020 2:20am UTC...
CVE-2011-1762
A flaw exists in WordPress related to the ‘wp-admin/press-this.php’ script improperly checking user permissions when publishing posts. This may allow a user with ‘Contributor-level’ privileges to post as if they had ‘publish_posts’ permission. Recent assessments: Assessed Attacker Value: 0...
CVE-2020-1206 Windows SMBv3 Client/Server Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka ‘Windows SMBv3 Client/Server Information Disclosure Vulnerability’. Recent assessments: busterb at June 09, 2020 11:49pm UTC reported: Edit: After...
CVE-2004-2687
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. Recent assessments: Assessed Attacker Value: 0...
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...
CVE-2019-17233
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. Recent assessments: Assessed Attacker Value: 0...
CVE-2021-27065
Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: wvu-r7 at March 10, 2021 7:13am UTC reported: When used with CVE-2021-26855, an unauthenticated SSRF, CVE-2021-27065 yields unauthed, SYSTEM-level RCE against a vulnerable Exchange Server. On its own, exploiting thi...
CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)...
CVE-2022-21894
Secure Boot Security Feature Bypass Vulnerability...
CVE-2024-12356
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. Recent assessments: sfewer-r7 at February 13, 2025 3:54pm UTC reported: Based upon both writing a...
CVE-2021-21985
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
CVE-2015-0273
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in a DateTimeZone data handled by the...
CVE-2021-1636
Microsoft SQL Elevation of Privilege Vulnerability Recent assessments: cloon3r at October 31, 2022 1:15pm UTC reported: Assessed Attacker Value: 3 Assessed Attacker Value: 3Assessed Attacker Value: 5...
CVE-2022-3180
The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts. Recent assessments: Assessed Attacker Value: 0...
CVE-2022-27925
Zimbra Collaboration aka ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal. Recent assessments: rbowes-r7 a...
CVE-2021-1732
Windows Win32k Elevation of Privilege Vulnerability Recent assessments: gwillcox-r7 at February 10, 2021 10:03pm UTC reported: A very interesting vulnerability in win32kfull.sys on Windows 10 devices up to and including 20H2. Although the exploit in the wild specifically targeted Windows 10 v1709...
CVE-2020-1934
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. Recent assessments: Assessed Attacker Value: 0...
ProxyShell Exploit Chain
Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: ccondon-r7 at August 12, 2021 9:19pm UTC reported: Check out the Rapid7 analysis for details on the exploit chain. Seems like a lot of the PoC implementations so far are using admin mailboxes, but I’d imagine folks...
CVE-2018-19191
Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter. Recent assessments: Assessed Attacker Value: 0...
CVE-2018-10088
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725. Recent assessments: Assessed Attacker Value: 0...
CVE-2022-41082
Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: zeroSteiner at January 10, 2023 2:58pm UTC reported: CVE-2022-41082, also known as ProxyNotShell is an authenticated RCE in Microsoft Exchange. ProxyNotShell actually combines CVE-2022-41082 and CVE-2022-41040 for t...
CVE-2022-41800
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note:...
CVE-2022-4257
A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be...
CVE-2020-28015
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. Recent assessments: Assessed Attacker Value: 0...
CVE-2010-4478
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a...
CVE-2021-31166
HTTP Protocol Stack Remote Code Execution Vulnerability Recent assessments: architect00 at May 12, 2021 8:18am UTC reported: The vulnerability only affects newer versions of Windows 10 / Server. Version 20H2 and 2004 of Windows 10 and Windows Server Core installations are affected according to th...