Lucene search
K

746 matches found

Positive Technologies
Positive Technologies
added 2024/01/29 12:0 a.m.8 views

PT-2024-1409 · Zyxel · Zyxel Nas326 +1

Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions through V5.21AAZF.15C0 Zyxel NAS542 versions through V5.21ABAG.12C0 Description: The issue is related to a post-authentication command injection vulnerability. It could allow an authenticated attacker with administrator...

8.3CVSS7.2AI score0.28472EPSS
Exploits0References6
0day.today
0day.today
added 2024/01/24 12:0 a.m.455 views

GL.iNet Unauthenticated Remote Command Execution Exploit

A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the glsystemlog and glcrashlog interface in the logread module. This Metasploit exploit requires post-authentication using the...

9.8CVSS9.5AI score0.47804EPSS
Exploits5
OSV
OSV
added 2024/01/17 5:15 a.m.4 views

CVE-2024-0405

The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'pageid', 'pageurl', 'platform', a...

6.5CVSS7.3AI score0.00622EPSS
Exploits0References4
OSV
OSV
added 2023/12/07 8:15 a.m.4 views

CVE-2023-48860

TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code...

9.8CVSS6AI score0.01376EPSS
Exploits1References1
NVD
NVD
added 2023/12/07 8:15 a.m.18 views

CVE-2023-48860

TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code...

9.8CVSS0.01376EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/12/07 12:0 a.m.17 views

CVE-2023-48860

TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code...

9.9AI score0.01376EPSS
Exploits1References1
NVD
NVD
added 2023/12/06 3:15 p.m.22 views

CVE-2023-48859

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code...

8.8CVSS0.01201EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/12/06 3:15 p.m.4 views

CVE-2023-48859

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code...

8.8CVSS7.5AI score0.01201EPSS
Exploits1References2
OSV
OSV
added 2023/12/06 3:15 p.m.4 views

CVE-2023-48859

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code...

8.8CVSS6AI score0.01201EPSS
Exploits1References1
Prion
Prion
added 2023/12/06 3:15 p.m.23 views

Code injection

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code...

6.5CVSS7.9AI score0.01201EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/12/06 12:0 a.m.24 views

CVE-2023-48859

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code...

9.2AI score0.01201EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/12/06 12:0 a.m.5 views

PT-2023-30987 · Totolink · Totolink A3002Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002RU version 2.0.0-B20190902.1958 Description: The issue is related to a post-authentication remote code execution RCE due to incorrect access control. This allows attackers to bypass front-end security restrictions and execute...

8.8CVSS9AI score0.01201EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2023/12/05 12:0 a.m.393 views

FortiWeb VM 7.4.0 build577 CLI Crash

;; ;; FortiWeb VM v7.4.0 build577 Post-auth CLI Crash ;; ;; ... ;; ;; code610 / some debug notes fyi ;; ;; 17.11.2023 @ 23:33 ;; FortiWeb diagnose debug crashlog show 2023-11-16 05:07:00 application cli 2023-11-16 05:07:00 signal Segmentation fault received 2023-11-16 05:07:00 RIP 00007fdd1febf44...

7.4AI score
Exploits0
OSV
OSV
added 2023/11/30 2:15 a.m.3 views

CVE-2023-37928

A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an authenticated attacker to execute some operating system OS commands by sending a crafted URL to a vulnerable devic...

8.8CVSS5.9AI score0.602EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.7 views

PT-2023-8711 · Zyxel · Wax300H +6

Name of the Vulnerable Software and Affected Versions: ZyXEL USG FLEX versions 4.50 through 5.37 Patch 1 ZyXEL USG FLEX 50W/USG20W-VPN versions 4.16 through 5.37 Patch 1 ZyXEL USG FLEX H versions 1.10 through 1.10 Patch 1 ZyXEL ATP series firmware versions 4.32 through 5.37 Patch 1 NWA50AX firmwa...

8.3CVSS8.1AI score0.01333EPSS
Exploits0References11
OSV
OSV
added 2023/10/17 11:15 p.m.3 views

CVE-2023-41715

SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel...

8.8CVSS7.1AI score0.00654EPSS
Exploits0References1
OSV
OSV
added 2023/10/17 11:15 p.m.3 views

CVE-2023-41711

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash...

6.5CVSS5.8AI score0.00803EPSS
Exploits0References1
OSV
OSV
added 2023/10/17 11:15 p.m.4 views

CVE-2023-39280

SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash...

6.5CVSS7.1AI score0.00803EPSS
Exploits0References1
OSV
OSV
added 2023/10/17 11:15 p.m.1 views

CVE-2023-39276

SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash...

6.5CVSS7.5AI score0.00803EPSS
Exploits0References1
NVD
NVD
added 2023/10/17 11:15 p.m.22 views

CVE-2023-39276

SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash...

6.5CVSS7.2AI score0.00803EPSS
Exploits0References1
Rows per page
Query Builder