Lucene search
K

124 matches found

Packet Storm
Packet Storm
added 2023/03/23 12:0 a.m.370 views

Monitorr 1.7.6m / 1.7.7d Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Monitorr unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits an arbitrary file upload vulnerability and achieving...

9.8CVSS9.4AI score0.85785EPSS
Exploits8
Metasploit
Metasploit
added 2023/03/22 7:50 p.m.318 views

Monitorr unauthenticated Remote Code Execution (RCE)

This module exploits an arbitrary file upload vulnerability and achieving an RCE in the Monitorr application. Using a specially crafted request, custom PHP code can be uploaded and injected through endpoint upload.php because of missing input validation. Any user privileges can exploit this...

9.8CVSS8.7AI score0.85785EPSS
Exploits8
CNNVD
CNNVD
added 2022/11/30 12:0 a.m.4 views

M-Files Server 安全漏洞

M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server versions prior to 22.6.11534.1, prior to 22.6.11505.0, which stems from an error in a parser function. An attacker could exploit the vulnerability to access certain information i...

5.3CVSS5.9AI score0.00581EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/18 12:0 a.m.5 views

Oracle PeopleSoft Enterprise PeopleTools 安全漏洞

Oracle PeopleSoft Enterprise PeopleTools is Oracle's technology for providing PeopleSoft applications with the ability to stay in sync with users' needs and expectations. A security vulnerability exists in Oracle PeopleSoft Enterprise PeopleTools. A low-privileged attacker could log in to the...

5.5CVSS6.8AI score0.00253EPSS
Exploits0References2
CVE
CVE
added 2022/06/24 11:45 a.m.64 views

CVE-2021-41636

MELAG FTP Server 2.2.0.4 exposes a directory-traversal issue: the CWD command can break out of the FTP server’s root and allow an attacker to operate on the underlying OS, constrained only by the user’s access restrictions. Affected: MELAG FTP Server 2.2.0.4. Root cause: path handling in CWD enab...

6.8CVSS6.6AI score0.01317EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/24 12:0 a.m.5 views

PT-2022-3965 · Illumina · Illumina Local Run Manager

Name of the Vulnerable Software and Affected Versions: Illumina Local Run Manager affected versions not specified Description: The issue is related to incorrect code generation management in Illumina Local Run Manager. An unauthenticated malicious actor can upload and execute code remotely at the...

10CVSS9.4AI score0.01633EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/04/15 12:0 a.m.3 views

Cisco SD-WAN vManage Software 安全漏洞

Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco, U.S. An information disclosure vulnerability exists in Cisco SD-WAN vManage Software, which stems from insufficient checks of API authorization to the underlying operating...

6.5CVSS5.8AI score0.00877EPSS
Exploits0References3
NCSC
NCSC
added 2022/04/13 12:0 a.m.8 views

Vulnerabilities fixed in Citrix products

Citrix has fixed several vulnerabilities in Citrix SD-WAN, Storefront, Endpoint Management and Gateway Plug-in. The vulnerabilities allow a remote malicious party to cause a Denial-of-Service DoS attack. The vulnerabilities with characteristics CVE-2022-27505 and CVE-2022-27506 are located in...

9CVSS8.6AI score0.07582EPSS
Exploits0
OSV
OSV
added 2022/02/24 7:15 p.m.3 views

CVE-2020-14481

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain...

7.8CVSS5.8AI score0.0016EPSS
Exploits0References1
Prion
Prion
added 2022/02/24 7:15 p.m.17 views

Default credentials

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain...

2.1CVSS7.5AI score0.0016EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/01/25 11:15 p.m.6 views

CVE-2021-36347

iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating...

7.2CVSS7.1AI score0.02397EPSS
Exploits0References1
OSV
OSV
added 2021/11/23 8:15 p.m.2 views

CVE-2021-36301

Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system...

7.2CVSS7.2AI score0.27698EPSS
Exploits0References1
NVD
NVD
added 2021/11/23 8:15 p.m.18 views

CVE-2021-36301

Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system...

7.2CVSS0.27698EPSS
Exploits0References1
Prion
Prion
added 2021/11/23 8:15 p.m.18 views

Stack overflow

Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system...

6.5CVSS7.1AI score0.27698EPSS
Exploits0References1Affected Software2
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.7 views

Dell EMC iDRAC9和Dell EMC iDRAC8 缓冲区错误漏洞

DELL Dell EMC iDRAC9 and Dell EMC iDRAC8 are both products of Dell DELL Corporation, U.S.A. The Dell EMC iDRAC9 is a system management solution that includes hardware and software. The Dell EMC iDRAC9 is a hardware and software systems management solution that provides remote management, crash...

7.2CVSS7.4AI score0.27698EPSS
Exploits0References3
CheckPoint Security
CheckPoint Security
added 2021/11/04 12:0 a.m.187 views

Check Point Response to CVE-2021-36299, CVE-2021-36300, CVE-2021-36301, CVE-2021-20235 - Dell iDRAC9 Vulnerabilities

Cause CVE-2021-36299 - An SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application. CVE-2021-36300 -...

8.2CVSS8.1AI score0.43862EPSS
Exploits0
CNVD
CNVD
added 2021/05/21 12:0 a.m.6 views

SearchBlox File Inclusion Vulnerability

SearchBlox is an application from US-based SearchBlox, Inc. Provides a powerful enterprise search architecture for on-premise or cloud deployments. A security vulnerability exists in SearchBlox versions prior to 9.2.2 that allows remote, unauthenticated users to read arbitrary files from the...

7.5CVSS6.9AI score0.13975EPSS
Exploits1References1
CNVD
CNVD
added 2021/03/25 12:0 a.m.9 views

Cisco IOS XE SD-WAN Parameter Injection Vulnerability

Cisco IOS XE is an open and flexible operating system optimized for future work. A parameter injection vulnerability exists in Cisco IOS XE versions after 17.3.1. The vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit the vulnerability to gain...

7.2CVSS7.2AI score0.00592EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/03/24 8:6 p.m.23 views

CVE-2021-1454 Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these...

6CVSS6.8AI score0.0028EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/12 12:0 a.m.6 views

Nedi Consulting NeDi 操作系统命令注入漏洞

NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from an OS command injection vulnerability. The vulnerability can be exploited to execute OS commands in the Nodes Traffic function of endpoint...

8.8CVSS7.4AI score0.0149EPSS
Exploits1References2
Rows per page
Query Builder