Lucene search
+L

903 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 12:26 p.m.8 views

CVE-2010-0273

Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vdsjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no...

7.5CVSS7.9AI score0.03573EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/24 12:0 a.m.5 views

70mai Dash Cam 1S 安全漏洞

70mai Dash Cam 1S is a car recorder from 70mai 70mai. The 70mai Dash Cam 1S suffers from a security vulnerability that originates from the fact that an attacker can bypass the device authorization mechanism of the official mobile application by connecting directly to the device's network and...

7.1CVSS6.7AI score0.00273EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-41140

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The...

8.8CVSS6.2AI score0.01096EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:1 p.m.12 views

CVE-2020-27872

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.621.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the minihttpd service, which listens on TCP port 80 by...

8.8CVSS7.1AI score0.00898EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 2:48 p.m.13 views

CVE-2020-15631

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

8CVSS7.3AI score0.02942EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/12/03 5:25 p.m.43 views

CVE-2024-52547 Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow

An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service TCP port 80. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111...

7.2CVSS0.00699EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.9 views

PT-2024-9304 · Lorex · Lorex 2K Indoor Wi-Fi Security Camera

Name of the Vulnerable Software and Affected Versions: Lorex 2K Indoor Wi-Fi Security Camera versions prior to 2.800.0000000.8.R.20241111 Description: An authenticated attacker can trigger a stack-based buffer overflow in the DHIP Service TCP port 80. This issue allows a remote attacker to...

9CVSS8.3AI score0.00699EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2024/10/21 12:0 a.m.16 views

Adobe Digital Editions < 4.5.11.187658 Multiple Vulnerabilities (APSB21-80) (macOS)

The version of Adobe Digital Editions installed on the remote macOS host is prior to 4.5.11.187658. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-80 advisory. - Adobe Digital Editions 4.5.11.187646 and earlier are affected by an arbitrary command execution...

9.3CVSS7.5AI score0.02003EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/10/08 12:0 a.m.54 views

Adobe InDesign < 18.5.4 / 19.0 < 19.5.0 Arbitrary code execution (APSB24-80) (macOS)

The version of Adobe InDesign installed on the remote macOS host is prior to 18.5.4, 19.5.0. It is, therefore, affected by a vulnerability as referenced in the APSB24-80 advisory. - InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Ty...

7.8CVSS6.1AI score0.00269EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/08 12:0 a.m.11 views

Adobe InDesign < 18.5.4 / 19.0 < 19.5.0 Arbitrary code execution (APSB24-80)

The version of Adobe InDesign installed on the remote Windows host is prior to 18.5.4, 19.5.0. It is, therefore, affected by a vulnerability as referenced in the APSB24-80 advisory. - InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous...

7.8CVSS6.1AI score0.00269EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/09/27 12:0 a.m.292 views

Backdoor.Win32.Prorat.jz MVID-2024-0699 Buffer Overflow

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/277f9a4db328476300c4da5f680902ea.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Prorat.jz Vulnerability: Remote Stack Buffer Overflow SEH Description: The RAT...

7.4AI score
Exploits0
NVD
NVD
added 2024/09/23 6:15 p.m.12 views

CVE-2024-39341

Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...

5.9CVSS0.00198EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/09/23 12:0 a.m.7 views

CVE-2024-39341

Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...

6.5AI score0.00198EPSS
Exploits0References3
CVE
CVE
added 2024/09/23 12:0 a.m.49 views

CVE-2024-39341

CVE-2024-39341 affects Entrust Instant Financial Issuance (On Premise) software (6.10.0, 6.9.x, 6.8.x and earlier). A configuration file WebAPI.cfg.xml is left behind after installation and can be accessed without authentication via HTTP port 80, exposing system configuration parameter names and ...

5.9CVSS7AI score0.00198EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.485 views

TVT NVMS-1000 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TVT NVMS-1000 Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability which exists in...

7.5CVSS7AI score0.96071EPSS
Exploits6
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.195 views

WPAD.dat File Server

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WPAD.dat File Server', 'Description' = %q This module generates a valid wpad.dat file for WPAD mitm attacks. Usually this module is used in...

7.4AI score
Exploits0
NVD
NVD
added 2024/08/22 2:15 a.m.35 views

CVE-2022-48916

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix double listadd when enabling VMD in scalable mode When enabling VMD and IOMMU scalable mode, the following kernel panic call trace/kernel log is shown in Eagle Stream platform Sapphire Rapids CPU during booting: p...

5.5CVSS0.0021EPSS
Exploits0References3
NVD
NVD
added 2024/08/20 12:15 p.m.30 views

CVE-2024-41697

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...

6.1CVSS0.00254EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/20 11:48 a.m.23 views

CVE-2024-41697 Priority – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...

6.1CVSS0.00254EPSS
Exploits0References1
CVE
CVE
added 2024/08/20 11:48 a.m.65 views

CVE-2024-41697

CVE-2024-41697 corresponds to a Basic XSS (CWE-80) vulnerability with CVSS v3.1 metrics: Network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed. Exploitation status is not indicated in the provided documents; the impact is limited to con...

6.1CVSS6.3AI score0.00254EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder