Lucene search
K

415 matches found

NVD
NVD
added 2024/03/05 2:15 a.m.30 views

CVE-2024-22188

TYPO3 before 13.0.1 allows an authenticated admin user with system maintainer privileges to execute arbitrary shell commands with the privileges of the web server via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELT...

7.2CVSS7.3AI score0.02017EPSS
Exploits0References3
Prion
Prion
added 2024/03/05 2:15 a.m.37 views

Command injection

TYPO3 before 13.0.1 allows an authenticated admin user with system maintainer privileges to execute arbitrary shell commands with the privileges of the web server via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELT...

7.9AI score0.02017EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/02/29 12:0 a.m.51 views

CentOS 9 : texlive-20200406-26.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the texlive-20200406-26.el9 build changelog. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs...

8.8CVSS7.9AI score0.00804EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2023/12/08 1:45 a.m.270 views

Exploit for OS Command Injection in Gl-Inet Gl-Ar300M_Firmware

GL.iNet Multiple Vulnerabilities This repository contains the...

9.8CVSS8.7AI score0.46966EPSS
Exploits10
ATTACKERKB
ATTACKERKB
added 2023/10/27 12:0 a.m.58 views

CVE-2023-46604

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...

10CVSS9.9AI score0.99654EPSS
In wildExploits31References13
Cvelist
Cvelist
added 2023/10/05 5:47 p.m.19 views

CVE-2023-43072

Dell SmartFabric Storage Software v1.4 and earlier contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands...

4.4CVSS7.8AI score0.00153EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/05 5:47 p.m.14 views

CVE-2023-43072

Dell SmartFabric Storage Software v1.4 and earlier contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands...

4.4CVSS7.3AI score0.00153EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/05 12:0 a.m.10 views

PT-2023-28682 · Dell · Dell Smartfabric Storage

Name of the Vulnerable Software and Affected Versions: Dell SmartFabric Storage Software versions 1.4 and earlier Description: The issue is related to an improper access control vulnerability in the Command Line Interface CLI of the software. A local, possibly unauthenticated attacker could explo...

7.8CVSS7.9AI score0.00153EPSS
Exploits0References5
CERT
CERT
added 2023/08/07 12:0 a.m.19 views

Freewill Solutions IFIS new trading web application vulnerable to unauthenticated remote code execution

Overview Freewill Solutions IFIS new trading web application version 20.01.01.04 is vulnerable to unauthenticated remote code execution. Successful exploitation of this vulnerability allows an attacker to run arbitrary shell commands on the affected host. Description Freewill Solutions IFIS new...

8.2AI score
Exploits0
CNNVD
CNNVD
added 2023/07/27 12:0 a.m.4 views

HCL Technologies BigFix Mobile 命令注入漏洞

HCL Technologies BigFix Mobile is a Mobile Device Management MDM solution from HCL Technologies. It is designed to help businesses and organizations effectively manage and secure mobile devices, including smartphones, tablets and other mobile devices. HCL Technologies BigFix Mobile suffers from a...

8.8CVSS7.8AI score0.00771EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/06/22 12:0 a.m.18 views

Oracle Linux 8 / 9 : texlive (ELSA-2023-3661)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3661 advisory. 9:20200406-26 - Resolves: 2209872, CVE-2023-32700 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...

8.8CVSS7.5AI score0.00804EPSS
Exploits0References2
NVD
NVD
added 2023/06/12 6:15 p.m.9 views

CVE-2023-34334

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...

8.8CVSS7.5AI score0.0084EPSS
Exploits0References1
OSV
OSV
added 2023/06/12 6:15 p.m.6 views

CVE-2023-34343

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...

8.8CVSS7.5AI score0.0084EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.9 views

PT-2023-12820 · Percona +1 · Percona Xtrabackup +1

Name of the Vulnerable Software and Affected Versions: Percona XtraBackup versions 2.2.0 through 2.2.24 Percona XtraBackup versions 3.0.0 through 8.0.27-19 Description: A crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands...

7.8CVSS7.9AI score0.00461EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2023/06/04 12:0 a.m.17 views

Fedora 37 : texlive-base (2023-d261122726)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d261122726 advisory. Fix CVE-2023-32700 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

8.8CVSS7.6AI score0.00804EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/05/25 12:0 a.m.14 views

SUSE SLES15: libkpathsea6 / libptexenc1 / libsynctex1 / libtexlua52-5 / etc (SUSE-SU-2023:2285-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2285-1 advisory. - CVE-2023-32700: Fixed arbitrary code execution in LuaTeX bsc1211389. Tenable has extracted the preceding description block...

8.8CVSS7.8AI score0.00804EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/05/20 12:0 a.m.20 views

Debian DSA-5406-1 : texlive-bin - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5406 advisory. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets t...

8.8CVSS7.9AI score0.00804EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/03/24 12:0 a.m.4 views

Osprey Pump Controller 操作系统命令注入漏洞

Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from an operating system command injection vulnerability. The vulnerability can be exploited to inject and execute arbitrary shell commands via the index.ph...

9.8CVSS8.9AI score0.01658EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.10 views

Debian: Security Advisory (DSA-2021-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.6AI score0.08578EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2023/03/05 10:15 p.m.26 views

CVE-2023-27635

debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...

7.8CVSS7.2AI score0.00446EPSS
Exploits0References3
Rows per page
Query Builder