Lucene search
K

256 matches found

CVE
CVE
added 2024/04/29 2:39 a.m.60 views

CVE-2024-4298

The CVE-2024-4298 issue affects HGiga iSherlock and its components (MailSherlock, SpamSherock, AuditSherlock). The root cause is improper filtering of special characters in certain function parameters within the email search interface, enabling command injection when exploited by an admin user. I...

7.2CVSS7.5AI score0.02087EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/29 2:39 a.m.18 views

CVE-2024-4298 HGiga iSherlock - Command Injection

The email search interface of HGiga iSherlock including MailSherlock, SpamSherock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling...

7.2CVSS7.3AI score0.02087EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/15 4:1 a.m.19 views

CVE-2024-1655 ASUS WiFi Router - OS Command Injection

Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request...

8.8CVSS8.3AI score0.02025EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/14 12:0 a.m.6 views

PT-2024-18203 · Asus · Asus Wifi Routers

Name of the Vulnerable Software and Affected Versions: ASUS WiFi routers affected versions not specified Description: The issue allows an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request, due to an OS Command Injection vulnerability...

8.8CVSS8.1AI score0.02025EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/04/02 12:22 p.m.58 views

CVE-2024-2389 Flowmon Unauthenticated Command Injection Vulnerability

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands...

10CVSS10AI score0.93901EPSS
Exploits7References2
Veracode
Veracode
added 2024/03/02 9:24 p.m.14 views

Cross-site Request Forgery (CSRF)

phpPgAdmin is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient validation of the request source in the "database.php" area of phpPgAdmin. This allows sensitive actions to be performed without proper verification of the request's origin. A remote attacker can...

9.6CVSS7.5AI score0.0364EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2024/02/26 4:27 p.m.14 views

Command injection

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/startupdate...

8.4AI score0.01379EPSS
Exploits0References2
OSV
OSV
added 2024/02/21 6:15 p.m.3 views

CVE-2024-1212

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution...

9.8CVSS5.9AI score0.95388EPSS
Exploits9References5
NVD
NVD
added 2024/02/20 10:15 p.m.12 views

CVE-2024-25428

SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...

6.5CVSS7.9AI score0.00395EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/02/20 12:0 a.m.12 views

CVE-2024-25428

SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...

8.6AI score0.00395EPSS
Exploits1References1
NVD
NVD
added 2024/01/08 9:15 a.m.26 views

CVE-2023-29048

A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially viola...

8.8CVSS9.2AI score0.0133EPSS
Exploits0References4
Prion
Prion
added 2024/01/08 9:15 a.m.13 views

Design/Logic Flaw

A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially viola...

6.5CVSS8.1AI score0.0133EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/12/25 8:15 a.m.14 views

CVE-2023-36485

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...

7.2CVSS0.00791EPSS
Exploits0References3
Prion
Prion
added 2023/12/25 8:15 a.m.25 views

Design/Logic Flaw

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...

5.8CVSS7.2AI score0.00855EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/12/25 12:0 a.m.33 views

CVE-2023-36485

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...

7AI score0.00791EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/12/25 12:0 a.m.21 views

CVE-2023-36486

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...

7.1AI score0.00855EPSS
Exploits0References3
OSV
OSV
added 2023/12/25 12:0 a.m.18 views

CVE-2023-36486

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...

7.2CVSS7AI score0.00855EPSS
Exploits0References5
OSV
OSV
added 2023/12/25 12:0 a.m.25 views

CVE-2023-36485

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...

7.2CVSS7.1AI score0.00791EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/12/14 12:0 a.m.4 views

Dell Virtual Appliance Manager 操作系统命令注入漏洞

Dell Virtual Appliance Manager is a virtual appliance manager from Dell USA. A command injection vulnerability exists in Dell Virtual Appliance Manager, which can be exploited by an attacker to cause arbitrary operating system commands to be executed on an affected system...

7.2CVSS7.7AI score0.01732EPSS
Exploits0References2
NVD
NVD
added 2023/12/09 8:15 a.m.16 views

CVE-2023-47254

An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface...

9.8CVSS0.02201EPSS
Exploits1References2
Rows per page
Query Builder