Lucene search

152 matches found

Cvelist
added 2020/03/31 4:20 p.m. | 18 views

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

7.3 CVSS | 6.2 AI score | 0.00736 EPSS
Exploits: 0 | References: 6

CVE
added 2020/03/31 4:20 p.m. | 255 views

CVE-2019-14905

The CVE-2019-14905 issue affects Ansible Engine’s nxos_file_copy module, where the filename parameter could be crafted to inject OS commands on NXOS devices. This is a local attack with potential confidentiality, integrity, and availability impacts as described (loss of confidentiality, etc.). Af...

7.3 CVSS | 6 AI score | 0.00736 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

AlpineLinux
added 2020/03/31 4:20 p.m. | 46 views

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

7.3 CVSS | 6.3 AI score | 0.00736 EPSS
Exploits: 0

NVD
added 2020/02/17 4:15 a.m. | 22 views

CVE-2020-9021

Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter...

10 CVSS | 9.6 AI score | 0.0209 EPSS
Exploits: 1 | References: 1

Prion
added 2020/02/17 4:15 a.m. | 14 views

Design/Logic Flaw

Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter...

10 CVSS | 9.4 AI score | 0.0209 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2020/02/17 3:3 a.m. | 14 views

CVE-2020-9021

Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter...

9.6 AI score | 0.0209 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2019/11/27 6:48 p.m. | 36 views

CVE-2019-14905

A vulnerability in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. Mitigation There...

7.3 CVSS | 2.6 AI score | 0.00736 EPSS
Exploits: 0 | References: 3

Talos Blog
added 2019/10/30 6:27 a.m. | 147 views

Vulnerability Spotlight: Multiple vulnerabilities in YouPHPTube

Yuri Kramarz of Security Advisory EMEAR discovered these vulnerabilities. Post by Jon Munshaw. YouPHPTube contains multiple vulnerabilities that could allow an attacker to carry out a variety of malicious activities. Specially crafted, attacker-created web requests can allow an attacker to inject...

1 AI score | 0.45302 EPSS
Exploits: 10

Talos
added 2019/10/17 12:0 a.m. | 120 views

YouPHPTube Encoder base64Url multiple command injections

Summary Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific...

10 CVSS | 9.9 AI score | 0.45302 EPSS
Exploits: 3

NVD
added 2019/10/16 7:15 p.m. | 17 views

CVE-2019-15274

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to perform command injections. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as an...

7.2 CVSS | 6.5 AI score | 0.00512 EPSS
Exploits: 0 | References: 1

Prion
added 2019/10/16 7:15 p.m. | 20 views

Command injection

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to perform command injections. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as an...

7.2 CVSS | 6.7 AI score | 0.00512 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2019/10/16 6:36 p.m. | 59 views

CVE-2019-15274

CVE-2019-15274 affects Cisco TelePresence Collaboration Endpoint (CE) Software. The vulnerability is in the CLI where insufficient input validation allows an authenticated, local attacker (with administrative access in the restricted shell) to submit crafted input to a specific command, enabling ...

7.2 CVSS | 6.5 AI score | 0.00512 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/09/26 3:18 p.m. | 13 views

CVE-2019-12091 Netskope client command injections vulnerability

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to...

7.8 CVSS | 8.1 AI score | 0.00921 EPSS
Exploits: 0 | References: 3

OSV
added 2019/07/02 7:15 p.m. | 2 views

CVE-2019-7256

Linear eMerge E3-Series devices allow Command Injections...

9.8 CVSS | 5.8 AI score | 0.97136 EPSS
Exploits: 16 | References: 7

NVD
added 2019/07/02 7:15 p.m. | 20 views

CVE-2019-7256

Linear eMerge E3-Series devices allow Command Injections...

10 CVSS | 9.6 AI score | 0.97136 EPSS
Exploits: 16 | References: 7

Vulnrichment
added 2019/07/02 12:0 a.m. | 17 views

CVE-2019-7256

Linear eMerge E3-Series devices allow Command Injections...

7 AI score | 0.97136 EPSS
Exploits: 16 | References: 6

CVE
added 2019/07/02 12:0 a.m. | 411 views

CVE-2019-7256

CVE-2019-7256 concerns a remote OS command injection in Linear eMerge E3-Series devices. Multiple connected sources (ExploitDB entries for 1.00-06 and earlier 2.x/4.x sketches, a Metasploit/MISP-linked exploit pack, and CISA KEV listings) confirm unauthenticated remote code execution via the E3 a...

10 CVSS | 9.4 AI score | 0.97136 EPSS
In wild | Exploits: 16 | References: 7 | Affected Software: 1

ATTACKERKB
added 2019/07/02 12:0 a.m. | 116 views

CVE-2019-7256

Linear eMerge E3-Series devices allow Command Injections. Recent assessments: h00die-gr3y at December 03, 2022 12:46pm UTC reported: Building Automation and Access Control systems are at the heart of many critical infrastructures, and their security is vital. Executing attacks on these systems ma...

10 CVSS | 10 AI score | 0.97136 EPSS
In wild | Exploits: 16 | References: 7

Cvelist
added 2019/07/02 12:0 a.m. | 28 views

CVE-2019-7256

Linear eMerge E3-Series devices allow Command Injections...

9.6 AI score | 0.97136 EPSS
Exploits: 16 | References: 6

NVD
added 2019/05/02 5:29 p.m. | 25 views

CVE-2017-18371

The ZyXEL P660HN-T1A v2 TCLinux Fw 7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can b...

9.8 CVSS | 8.8 AI score | 0.22531 EPSS
Exploits: 2 | References: 5