Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-3523

Malware in sbrugna...

4.3CVSS6.2AI score0.01634EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 11:31 a.m.9 views

CVE-2013-3589

Cross-site scripting XSS vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter...

4.3CVSS6AI score0.01634EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/01/17 12:0 a.m.36 views

Dell iDRAC7 Injection (CVE-2016-5685)

Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

9CVSS8AI score0.01757EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/01/17 12:0 a.m.22 views

Dell iDRAC7 Incorrect Authorization (CVE-2018-15774)

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in th...

8.8CVSS6.6AI score0.00941EPSS
Exploits0References3
CNVD
CNVD
added 2018/03/27 12:0 a.m.2 views

Dell EMC iDRAC7 and iDRAC8 Path Traversal Vulnerability

Dell EMC iDRAC7 and iDRAC8 are both system management solutions containing hardware and software from Dell USA. The solutions provide remote management, crash recovery, and power control for Dell PowerEdge systems.Web server is one of the web servers.URI parser is one of the URI resolvers. A path...

7.5CVSS6.8AI score0.03257EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2016/11/30 12:0 a.m.55 views

Dell iDRAC7 and iDRAC8 Devices Code Injection Vulnerability (Nov 2016)

Dell iDRAC7 and iDRAC8 devices allow authenticated users to gain Bash shell access through a string injection. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...

9CVSS8.9AI score0.01757EPSS
Exploits0References2
OSV
OSV
added 2016/11/29 3:59 p.m.3 views

CVE-2016-5685

Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection...

8.8CVSS5.8AI score
Exploits0References2
Prion
Prion
added 2016/11/29 3:59 p.m.10 views

Sql injection

Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection...

9CVSS7.9AI score0.01757EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2016/11/29 3:59 p.m.19 views

CVE-2016-5685

Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection...

9CVSS9AI score0.01757EPSS
Exploits0References2
CVE
CVE
added 2016/11/29 3:0 p.m.51 views

CVE-2016-5685

Dell iDRAC7 and iDRAC8 devices are affected when running firmware versions older than 2.40.40.40. The vulnerability is a string injection that allows authenticated users to gain Bash shell access. The issue is documented across multiple sources (NVD/NIST, CNVD, CVE records, and vendor/plugin refe...

9CVSS8.9AI score0.01757EPSS
Exploits0References2Affected Software2
OpenVAS
OpenVAS
added 2015/01/21 12:0 a.m.54 views

Dell iDRAC Weak SessionID Vulnerability (IPMI Protocol) - Active Check

Intelligent Platform Management Interface IPMI v1.5 SessionID SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

5CVSS6.4AI score0.21152EPSS
Exploits6References5
Prion
Prion
added 2014/12/19 11:59 a.m.21 views

Command injection

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack...

5CVSS7.9AI score0.21152EPSS
Exploits6References3Affected Software4
Cvelist
Cvelist
added 2014/12/19 11:0 a.m.29 views

CVE-2014-8272

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack...

7.4AI score0.21152EPSS
Exploits6References3
Tenable Nessus
Tenable Nessus
added 2013/10/13 12:0 a.m.114 views

Dell iDRAC6 / iDRAC7 Login Page 'ErrorMsg' Parameter XSS

The remote Dell Remote Access Controller iDRAC6 / iDRAC7 is affected by a cross-site scripting vulnerability in the login page due to improper sanitization of user-supplied input to the 'ErrorMsg' parameter. An attacker can exploit this to inject arbitrary HTML and script code into a user's brows...

4.3CVSS5.7AI score0.01634EPSS
Exploits0References2
NVD
NVD
added 2013/09/24 10:35 a.m.27 views

CVE-2013-3589

Cross-site scripting XSS vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter...

4.3CVSS5.8AI score0.01634EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/09/24 10:0 a.m.29 views

CVE-2013-3589

Cross-site scripting XSS vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter...

5.7AI score0.01634EPSS
Exploits0References2
Prion
Prion
added 2013/07/08 10:55 p.m.18 views

Authentication flaw

The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 aka cipher zero and an arbitrary password. NOTE: the vendor disputes the...

10CVSS8.5AI score0.03384EPSS
Exploits0References7
Rows per page
Query Builder