CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

738 matches found

Prion•added 2020/02/07 3:15 p.m.•18 views

Privilege escalation

A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user Privilege-1 to escalate privileges and became administrator Privilege-15...

7.2CVSS8AI score0.00517EPSS

Exploits0References1Affected Software1

CVE•added 2020/02/07 2:56 p.m.•49 views

CVE-2020-8126

The CVE-2020-8126 case affects Ubiquiti EdgeSwitch before version 1.7.1, where a CGI script does not fully sanitize user input, enabling local command execution. An operator-privilege user (Privilege-1) can escalate to administrator (Privilege-15). The issue is triggered via crafted input in the ...

7.8CVSS7.9AI score0.00517EPSS

Exploits0References1Affected Software1

OpenVAS•added 2020/01/23 12:0 a.m.•37 views

Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2019-2486)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.7AI score0.04371EPSS

Exploits0References2

OpenWrt•added 2020/01/13 12:0 a.m.•50 views

Security Advisory 2020-01-13-1 - uhttpd invalid data access via HTTP POST request (CVE-2019-19945)

DESCRIPTION An invalid data access can be triggered with an HTTP POST request to a CGI script specifying both Transfer-Encoding: chunked and a large Content-Length which exceeds 2^31 and is interpreted as a signed negative number. The negative content length is assigned to r→contentlength in...

7.5CVSS7.7AI score0.01551EPSS

Exploits0

NVD•added 2019/12/19 1:15 a.m.•22 views

CVE-2019-7485

Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier...

8.8CVSS9AI score0.0153EPSS

Exploits0References1

Cvelist•added 2019/12/19 12:35 a.m.•22 views

CVE-2019-7484

Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier...

7AI score0.00845EPSS

Exploits0References1

Cvelist•added 2019/12/19 12:35 a.m.•17 views

CVE-2019-7486

Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier...

9AI score0.01582EPSS

Exploits0References1

CVE•added 2019/12/19 12:35 a.m.•102 views

CVE-2019-7485

CVE-2019-7485 affects the SonicWall SMA100 appliance (firmware versions up to 9.0.0.3). The root cause is a buffer overflow in the DEARegister CGI script , exploitable by an authenticated user to execute arbitrary code on the device . Affected product: SMA100; impact includes potential control ov...

8.8CVSS8.9AI score0.0153EPSS

Exploits0References1Affected Software1

VulnCheck KEV•added 2019/12/13 12:0 a.m.•0 views

VulnCheck KEV: CVE-2019-16072

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action...

10CVSS7.6AI score0.25279EPSS

Exploits5References1

Tenable Nessus•added 2019/12/04 12:0 a.m.•39 views

EulerOS 2.0 SP2 : pcre (EulerOS-SA-2019-2486)

According to the version of the pcre packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a...

7.5CVSS8AI score0.04371EPSS

Exploits0References2

Debian CVE•added 2019/11/27 4:54 p.m.•37 views

CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTPPROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

6.1CVSS6.9AI score0.04563EPSS

Exploits0

NVD•added 2019/11/08 4:15 p.m.•13 views

CVE-2013-1889