Lucene search
+L

115 matches found

osv
osv
added 2022/11/24 12:0 a.m.24 views

CVE-2022-4136 Exposed Dangerous Method or Function in qmpaas/leadshop

Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method...

8.6CVSS8.5AI score0.00936EPSS
Exploits1References4
attackerkb
attackerkb
added 2022/06/09 9:15 p.m.8 views

CVE-2022-30703

Trend Micro Security 2021 and 2022 Consumer is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation...

7.8CVSS5.8AI score0.00353EPSS
Exploits0References3
cvelist
cvelist
added 2022/06/09 8:15 p.m.35 views

CVE-2022-30703

Trend Micro Security 2021 and 2022 Consumer is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation...

7.6AI score0.00353EPSS
Exploits0References2
cve
cve
added 2022/06/09 8:15 p.m.71 views

CVE-2022-30703

CVE-2022-30703 affects Trend Micro Security (Consumer) 2021 and 2022. The issue is an exposed dangerous method in the NCIE Scanner/module that can allow a local attacker to disclose sensitive information, including leaked kernel addresses, and could potentially be chained to achieve privilege esc...

7.8CVSS7.4AI score0.00353EPSS
Exploits0References2Affected Software1
github
github
added 2022/05/13 1:54 a.m.26 views

Cobbler has Exposed Dangerous Method or Function

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon...

9.8CVSS2.7AI score0.6786EPSS
Exploits0References14Affected Software1
github
github
added 2022/03/18 12:1 a.m.32 views

Command injection in guake

Guake is a drop-down terminal for GNOME. The package guake before 3.8.5 is vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command vi...

8CVSS3.7AI score0.01113EPSS
Exploits1References8Affected Software1
prion
prion
added 2022/03/17 12:15 p.m.14 views

Command injection

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

6CVSS7.9AI score0.01113EPSS
Exploits1References5Affected Software1
ubuntucve
ubuntucve
added 2022/03/17 12:15 p.m.35 views

CVE-2021-23556

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

8CVSS7.2AI score0.01113EPSS
Exploits1References6
osv
osv
added 2022/03/17 12:15 p.m.31 views

PYSEC-2022-165

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

8CVSS3.8AI score0.01113EPSS
Exploits1References6
cvelist
cvelist
added 2022/03/17 11:20 a.m.18 views

CVE-2021-23556 Exposed Dangerous Method or Function

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

6.4CVSS8.1AI score0.01113EPSS
Exploits1References5
debiancve
debiancve
added 2022/03/17 11:20 a.m.50 views

CVE-2021-23556

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

8CVSS7.9AI score0.01113EPSS
Exploits1
ics
ics
added 2019/11/12 12:0 a.m.68 views

Siemens S7-1200 and S7-200 SMART CPUs (Update B)

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Low skill level to exploit Vendor : Siemens Equipment: S7-1200 CPU family including SIPLUS variants; S7-200 SMART CPU family Vulnerability : Exposed Dangerous Method or Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory...

6.8CVSS6.6AI score0.00532EPSS
Exploits0References9
ics
ics
added 2019/05/14 12:0 a.m.152 views

ICSA-19-134-08 Siemens SIMATIC PCS7, WinCC, TIA Portal (Update D)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS7, WinCC Runtime Professional, WinCC TIA Portal Vulnerabilities: SQL Injection, Uncaught Exception, Exposed Dangerous Method 2. UPDATE INFORMATION This updated...

9CVSS8.6AI score0.01962EPSS
Exploits0References9
ics
ics
added 2018/06/28 12:0 a.m.41 views

Medtronic MyCareLink Patient Monitor

1. EXECUTIVE SUMMARY CVSS v3 6.4 Vendor: Medtronic Equipment: MyCareLink Patient Monitor Vulnerabilities: Use of Hard-coded Password, Exposed Dangerous Method or Function 2. RISK EVALUATION If exploited, these vulnerabilities may allow privileged access to the monitor’s operating system. However,...

7.2CVSS7.3AI score0.00362EPSS
Exploits0References5
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.102 views

[CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities

Advisory Information Title: FortiClient Antivirus Multiple Vulnerabilities Advisory ID: CORE-2015-0013 Advisory URL: http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities Date published: 2015-09-01 Date of last update: 2015-09-01 Vendors contacted: Fortinet...

7.2CVSS6.6AI score0.02029EPSS
Exploits5
Rows per page
Query Builder