33 matches found

Positive Technologies
added 2025/01/07 12:0 a.m. · 8 views

PT-2025-1843 · Ac500 V3 · Ac500 V3

Name of the Vulnerable Software and Affected Versions: AC500 V3 versions prior to 3.8.0 Description: An attacker who successfully exploits this issue could cause command execution. The vulnerability exists in the AC500 V3 version, where after successfully exploiting a directory traversal...

CVSS 7.3 · AI score 7.3 · EPSS 0.00333
Exploits 3 · References 4

Positive Technologies
added 2024/12/19 12:0 a.m. · 6 views

PT-2024-9755

Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to 21.0 MR1 21.0.1 Description: A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely. The issue is related to incorrect code generation management. This...

CVSS 9 · AI score 9.9 · EPSS 0.01314
Exploits 0 · References 29

ATTACKERKB
added 2024/05/03 3:15 a.m. · 5 views

CVE-2023-41223

D-Link DIR-3040 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

CVSS 6.8 · AI score 7.2 · EPSS 0.00705
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/04/26 3:15 p.m. · 3 views

CVE-2023-50362

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.8 · AI score 6.1 · EPSS 0.00759
Exploits 0 · References 1

Vulnrichment
added 2024/02/02 4:4 p.m. · 5 views

CVE-2023-41276 QTS, QuTS hero, QuTScloud

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVSS 5.5 · AI score 6.4 · EPSS 0.00547
Exploits 0 · References 1

ATTACKERKB
added 2023/09/15 12:15 a.m. · 5 views

CVE-2023-40958

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/baseclient.py component...

CVSS 8.8 · AI score 6.2 · EPSS 0.01075
Exploits 1 · References 2

OSV
added 2021/01/28 8:15 p.m. · 2 views

ALPINE-CVE-2019-25016

In OpenDoas from 6.6 to 6.8 the user's PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed the authenticated user to execute specific commands were not affected by this issue...

CVSS 8.8 · AI score 7.2 · EPSS 0.02654
Exploits 1 · References 1

CNNVD
added 2020/11/17 12:0 a.m. · 6 views

Trend Micro InterScan Web Security Virtual Appliance operating system command injection vulnerability

Trend Micro InterScan Web Security Virtual Appliance IWSVA is a Web security gateway from Trend Micro that provides dynamic, integrated security protection for enterprise networks against Web-based threats. A command injection vulnerability exists in AddVLANItem in Trend Micro InterScan Web...

CVSS 9 · AI score 7.4 · EPSS 0.44549
Exploits 1 · References 4

OSV
added 2020/10/19 1:15 p.m. · 6 views

CVE-2020-13778

rConfig 3.9.4 and earlier allows authenticated code execution of system commands by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php...

CVSS 8.8 · AI score 6.2 · EPSS 0.0421
Exploits 1 · References 3

Positive Technologies
added 2020/08/11 12:0 a.m. · 2 views

PT-2020-3729 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the way the dnsrslvr.dll handles objects in memory, allowing an attacker to execute code with elevated permissions. A locally authenticated attacker could exploit th...

CVSS 7.8 · AI score 7.5 · EPSS 0.00901
Exploits 0 · References 6

OSV
added 2019/07/09 7:15 p.m. · 5 views

CVE-2019-13280

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can b...

CVSS 8.8 · AI score 7.9 · EPSS 0.02076
Exploits 1 · References 1

OSV
added 2018/05/30 9:29 p.m. · 5 views

CVE-2018-11481

TP-LINK IPC TL-IPC223P-6, TL-IPC323K-D, TL-IPC325KP-, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters...

CVSS 8.8 · AI score 6.3 · EPSS 0.01788
Exploits 0 · References 1

Cvelist
added 2014/08/03 6:0 p.m. · 53 views

CVE-2013-5758

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...

AI score 7 · EPSS 0.11892
Exploits 10 · References 5