Lucene search
K

333 matches found

Positive Technologies
Positive Technologies
added 2024/08/19 12:0 a.m.4 views

PT-2024-19168 · Osc +2 · Osc +2

Name of the Vulnerable Software and Affected Versions: osc affected versions not specified Description: The issue allows attackers to manipulate the configuration of osc by injecting special files in .osc into the actual package sources, such as apiurl. This enables the attacker to alter the osc...

5.5CVSS6.5AI score0.00209EPSS
Exploits0References36
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/17 6:21 a.m.14 views

Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs

Overview MFPs multifunction printers provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' CWE-776 - CVE-2024-27141, CVE-2024-27142 Execution with...

9.8CVSS7.5AI score0.26811EPSS
Exploits2References65
Github Security Blog
Github Security Blog
added 2024/06/04 2:47 p.m.14 views

XML External Entity (XXE) Processing in TYPO3 Core

All XML processing within the TYPO3 CMS are vulnerable to XEE processing. This can lead to load internal and/or external file content within an XML structure. Furthermore it is possible to inject arbitrary files for an XML Denial of Service attack. For more information on that topic see...

6.9AI score
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/30 4:5 p.m.11 views

CVE-2024-35432

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting XSS via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting...

6.2AI score0.00418EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/24 12:0 a.m.7 views

RoamWiFi R10 安全漏洞

RoamWiFi R10 is a portable Internet wireless router from RoamWiFi. A security vulnerability exists in RoamWiFi R10 versions prior to 4.8.45, which stems from a vulnerability that allows an attacker to insert sensitive information into log files...

6.5CVSS6.4AI score0.00278EPSS
Exploits0References4
OSV
OSV
added 2024/04/10 7:15 a.m.4 views

CVE-2024-22450

Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise...

7.8CVSS5.8AI score0.002EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.4 views

PT-2024-2775 · Dell · Dell Alienware Command Center

Name of the Vulnerable Software and Affected Versions: Dell Alienware Command Center versions prior to 6.2.7.0 Description: The issue is related to an uncontrolled search path element, which could allow a local malicious user to inject malicious files into the file search path. This could lead to...

7.8CVSS7.9AI score0.002EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.38 views

EulerOS Virtualization 3.0.6.6 : git (EulerOS-SA-2023-3398)

According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3,...

7.8CVSS7AI score0.52164EPSS
Exploits2References4
OSV
OSV
added 2023/10/20 5:15 a.m.5 views

CVE-2023-34051

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...

9.8CVSS6AI score0.44667EPSS
Exploits1References1
Prion
Prion
added 2023/10/20 5:15 a.m.27 views

Authentication flaw

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...

7.5CVSS10AI score0.44667EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/20 4:11 a.m.11 views

CVE-2023-34051

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...

9.9AI score0.44667EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/10/19 12:0 a.m.12 views

PT-2023-6318

Name of the Vulnerable Software and Affected Versions VMware Aria Operations for Logs affected versions not specified Description The issue is related to an authentication bypass vulnerability in VMware Aria Operations for Logs. This vulnerability can be exploited by an unauthenticated, malicious...

9.8CVSS7.7AI score0.44667EPSS
Exploits1References33
GithubExploit
GithubExploit
added 2023/09/28 8:49 p.m.320 views

Exploit for NULL Pointer Dereference in Gpac

CVE-2023-4683-Test This repo holds an easy to use POC for CVE...

8.8CVSS8AI score0.99735EPSS
Exploits10
Positive Technologies
Positive Technologies
added 2023/09/05 12:0 a.m.5 views

PT-2023-5230 · Ge · Ge Cimpicity

Name of the Vulnerable Software and Affected Versions: GE CIMPLICITY version 2023 Description: The issue is related to a process control vulnerability in GE CIMPLICITY 2023, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to...

7.8CVSS7.5AI score0.00183EPSS
Exploits0References13
Huntr
Huntr
added 2023/06/12 8:34 p.m.32 views

Desktop APP RCE via saveDraft IPC

🔒️ Requirements The user must load a malicious project. 📝 Description In version 20.3.3 commit 5383c20e947fd772668316e407edc5d5db4850db, the shell=true option is added to a spawn execution. This is really dangerous has it allows a malicious user to execute commands even from attributes. Example: j...

7.5CVSS7.1AI score0.01069EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/06/01 12:0 a.m.10 views

PT-2023-7355 · Splunk · Universal Forwarder +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.1.0.2 Splunk Enterprise versions prior to 9.0.5.1 Splunk Enterprise versions prior to 8.2.11.2 Universal Forwarder versions prior to 9.1.0.2 Universal Forwarder versions prior to 9.0.5.1 Universal Forward...

10CVSS7.6AI score0.00341EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.5 views

Personal Weather Station Dashboard 信任管理问题漏洞

Personal Weather Station Dashboard PWSDashboard is a data-rich weather dashboard from PWSDashboard open source. A security vulnerability exists in Personal Weather Station Dashboard. An attacker can exploit this vulnerability to execute remote code by injecting PHP code into settings.php...

7.2CVSS7.5AI score0.01326EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/04/17 12:0 a.m.10 views

CVE-2023-28960 Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers

An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...

8.2CVSS8AI score0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/17 12:0 a.m.28 views

CVE-2023-28960 Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers

An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...

8.2CVSS8.2AI score0.00167EPSS
Exploits0References1
OSV
OSV
added 2023/04/15 10:15 a.m.4 views

CVE-2023-2093

A vulnerability, which was classified as critical, was found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...

9.8CVSS6.5AI score0.00749EPSS
Exploits1References3
Rows per page
Query Builder