Lucene search
+L

1347 matches found

OSV
OSV
added 2019/07/29 4:15 p.m.4 views

CVE-2019-12948

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service DoS condition or execute arbitrary co...

8.3CVSS7.5AI score0.01726EPSS
Exploits0References1
OSV
OSV
added 2019/07/04 8:15 p.m.5 views

CVE-2019-1889

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller APIC Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...

7.2CVSS7.1AI score0.02818EPSS
Exploits0References1
OSV
OSV
added 2019/07/01 7:15 p.m.5 views

CVE-2019-1578

Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser...

6.1CVSS6.6AI score0.01068EPSS
Exploits0References2
Palo Alto Networks
Palo Alto Networks
added 2019/06/27 11:50 p.m.15 views

Cross Site Scripting (XSS) in MineMeld

A reflected cross-site scripting XSS vulnerability exists in Palo Alto Networks MineMeld. Ref CVE-2019-1578 A remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser. This issue...

6.1CVSS6.1AI score0.01068EPSS
Exploits0References1
OSV
OSV
added 2019/05/15 8:29 p.m.2 views

CVE-2019-1769

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient...

6.7CVSS6.9AI score0.00463EPSS
Exploits0References2
Prion
Prion
added 2019/05/10 5:29 p.m.18 views

Command injection

A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that woul...

9CVSS7.9AI score0.04269EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2019/04/08 5:29 p.m.26 views

CVE-2019-11001

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field...

9CVSS7.1AI score0.38369EPSS
Exploits1References3
OSV
OSV
added 2019/04/08 5:29 p.m.7 views

CVE-2019-11001

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field...

7.2CVSS7.2AI score0.38369EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2019/04/08 5:0 p.m.16 views

CVE-2019-11001

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field...

7.3AI score0.38369EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/04/08 5:0 p.m.32 views

CVE-2019-11001

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field...

7.1AI score0.38369EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2019/04/08 12:0 a.m.12 views

CVE-2019-11001

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the “TestEmail” functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. Recent assessments: Assessed Attacker Value: 0...

9CVSS7AI score0.38369EPSS
In wildExploits1References4
OSV
OSV
added 2019/04/02 6:30 p.m.3 views

CVE-2019-7474

A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2,...

6.5CVSS6.9AI score0.00684EPSS
Exploits0References1
NVD
NVD
added 2019/04/02 6:30 p.m.15 views

CVE-2019-7474

A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2,...

6.5CVSS6.3AI score0.00684EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/04/02 5:20 p.m.19 views

CVE-2019-7474

A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2,...

6.4AI score0.00684EPSS
Exploits0References1
SonicWall
SonicWall
added 2019/04/01 12:0 a.m.12 views

SonicOS Download Certificate in Admin GUI Could Cause System Instability

A vulnerability in SonicOS allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0,...

8.5CVSS6.7AI score0.00684EPSS
Exploits0
Fortinet
Fortinet
added 2019/03/29 12:0 a.m.50 views

FortiSIEM LDAP server password reflected in admin portal

An information exposure vulnerability in the admin portal of FortiSIEM may allow an authenticated admin to retrieve the LDAP server password via the HTML source code. This could potentially aggravate attacks targeting the authenticated admin session, should they exist XSS, social engineering, pro...

4CVSS1.5AI score0.01286EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/01/24 3:29 p.m.2 views

CVE-2019-1652

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper...

7.2CVSS7.7AI score0.95923EPSS
Exploits11References9
OSV
OSV
added 2018/12/28 4:29 p.m.1 views

CVE-2018-1000887

Peel shopping peel-shopping910 version contains a Cross Site Scripting XSS vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. This attack appears to be exploitable if the malicious user has access to the administration account...

4.8CVSS5.8AI score0.00666EPSS
Exploits1References1
NVD
NVD
added 2018/12/23 11:29 p.m.17 views

CVE-2018-20405

BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue...

4CVSS3.7AI score0.00822EPSS
Exploits1References1
Prion
Prion
added 2018/12/23 11:29 p.m.12 views

Cross site scripting

DISPUTED BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not...

4CVSS3.9AI score0.00822EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder