CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2015-8965
https://notcve.org/view.php?id=CVE-2015-8965
06 Apr 2017 — Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called. Rogue Wave JViews en versiones anteriores 8.8 parche 21 y 8.9 en versiones anteriores parche 1 permite a atacantes remotos ejecutar código Java arbitra... • https://rwkbp.makekb.com/?View=entry&EntryID=2521 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 8%CPEs: 6EXPL: 0CVE-2017-5611 – WordPress Core < 4.7.2 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2017-5611
26 Jan 2017 — SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. Vulnerabilidad de inyección SQL en wp-includes/class-wp-query.php en WP_Query en WordPress en versiones anteriores a 4.7.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios aprovechando la presencia de un plugin o tema afectado que no maneja ... • http://www.debian.org/security/2017/dsa-3779 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •