115 matches found
CVE-2022-4136 Exposed Dangerous Method or Function in qmpaas/leadshop
Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method...
CVE-2022-30703
Trend Micro Security 2021 and 2022 Consumer is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation...
CVE-2022-30703
Trend Micro Security 2021 and 2022 Consumer is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation...
CVE-2022-30703
CVE-2022-30703 affects Trend Micro Security (Consumer) 2021 and 2022. The issue is an exposed dangerous method in the NCIE Scanner/module that can allow a local attacker to disclose sensitive information, including leaked kernel addresses, and could potentially be chained to achieve privilege esc...
Cobbler has Exposed Dangerous Method or Function
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon...
Command injection in guake
Guake is a drop-down terminal for GNOME. The package guake before 3.8.5 is vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command vi...
Command injection
The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...
CVE-2021-23556
The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...
PYSEC-2022-165
The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...
CVE-2021-23556 Exposed Dangerous Method or Function
The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...
CVE-2021-23556
The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...
Siemens S7-1200 and S7-200 SMART CPUs (Update B)
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Low skill level to exploit Vendor : Siemens Equipment: S7-1200 CPU family including SIPLUS variants; S7-200 SMART CPU family Vulnerability : Exposed Dangerous Method or Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory...
ICSA-19-134-08 Siemens SIMATIC PCS7, WinCC, TIA Portal (Update D)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS7, WinCC Runtime Professional, WinCC TIA Portal Vulnerabilities: SQL Injection, Uncaught Exception, Exposed Dangerous Method 2. UPDATE INFORMATION This updated...
Medtronic MyCareLink Patient Monitor
1. EXECUTIVE SUMMARY CVSS v3 6.4 Vendor: Medtronic Equipment: MyCareLink Patient Monitor Vulnerabilities: Use of Hard-coded Password, Exposed Dangerous Method or Function 2. RISK EVALUATION If exploited, these vulnerabilities may allow privileged access to the monitor’s operating system. However,...
[CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities
Advisory Information Title: FortiClient Antivirus Multiple Vulnerabilities Advisory ID: CORE-2015-0013 Advisory URL: http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities Date published: 2015-09-01 Date of last update: 2015-09-01 Vendors contacted: Fortinet...