Lucene search
K

1234 matches found

OSV
OSV
added 2019/10/08 7:15 p.m.3 views

CVE-2019-17186

/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007JS201804 devices allows pre-authentication remote code execution...

8.8CVSS7.6AI score0.05871EPSS
Exploits1References1
NVD
NVD
added 2019/10/08 7:15 p.m.19 views

CVE-2019-17186

/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007JS201804 devices allows pre-authentication remote code execution...

9CVSS9.1AI score0.05871EPSS
Exploits1References1
Prion
Prion
added 2019/10/08 7:15 p.m.21 views

Remote code execution

/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007JS201804 devices allows pre-authentication remote code execution...

9CVSS9AI score0.05871EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/10/08 6:12 p.m.17 views

CVE-2019-17186

/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007JS201804 devices allows pre-authentication remote code execution...

9.1AI score0.05871EPSS
Exploits1References1
OSV
OSV
added 2019/10/08 3:15 p.m.2 views

CVE-2019-17187

/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007JS201804 devices allows pre-authentication Directory Traversal for reading arbitrary files...

7.5CVSS7.2AI score0.10769EPSS
Exploits1References1
NVD
NVD
added 2019/10/08 3:15 p.m.17 views

CVE-2019-17187

/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007JS201804 devices allows pre-authentication Directory Traversal for reading arbitrary files...

7.5CVSS7.7AI score0.10769EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/10/08 2:34 p.m.21 views

CVE-2019-17187

/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007JS201804 devices allows pre-authentication Directory Traversal for reading arbitrary files...

7.7AI score0.10769EPSS
Exploits1References1
OSV
OSV
added 2019/10/02 4:15 p.m.19 views

CVE-2019-13343

Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not...

7.5CVSS7AI score0.02248EPSS
Exploits1References5
Prion
Prion
added 2019/10/02 4:15 p.m.136 views

Path traversal

Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not...

5CVSS7.6AI score0.02248EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2019/10/02 3:49 p.m.47 views

CVE-2019-13343

CVE-2019-13343 affects Butor Portal prior to 1.0.27 via a path traversal vulnerability in WhiteLabelingServlet. The t parameter is not properly sanitized, allowing a pre-authentication arbitrary file download by constructing a path like /wl?t=../../...&h=. Impact is potential exposure of server f...

9.9CVSS7.5AI score0.02248EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2019/10/02 3:49 p.m.33 views

CVE-2019-13343

Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not...

9.9CVSS7.6AI score0.02248EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2019/09/28 1:1 a.m.67 views

Exploit for Server-Side Request Forgery in Atlassian Jira_Server

Jira CVE-2019-8451 POC Description Proof of concept scan...

6.5CVSS6.9AI score0.94453EPSS
Exploits2
CNVD
CNVD
added 2019/09/26 12:0 a.m.2 views

Cisco IOS XE ISDN Data Leakage Vulnerability

Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. A data leakage vulnerability exists in the Dialer interface feature for ISDN connections in Cisco IOS XE for Cisco 4000 Series Integrated Services Routers. The vulnerability stems from insufficient validation o...

7.5CVSS7AI score0.01425EPSS
Exploits0References1
OSV
OSV
added 2019/09/25 9:15 p.m.3 views

CVE-2019-12664

A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers ISRs could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. The...

7.5CVSS5.8AI score0.01425EPSS
Exploits0References1
Metasploit
Metasploit
added 2019/08/22 10:58 p.m.76 views

Ubiquiti airOS Arbitrary File Upload

This module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorizedkeys. FYI, /etc/passwd,dropbear/authorizedkeys will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSISTETC is true. This method is used by the "m...

7.3AI score
Exploits0
GithubExploit
GithubExploit
added 2019/08/22 8:18 a.m.109 views

Exploit for Path Traversal in Ivanti Connect_Secure

CVE-2019-11510-poc Pulse Secure SSL VPN pre-auth file reading...

10CVSS9.4AI score0.99999EPSS
Exploits22
CNVD
CNVD
added 2019/08/15 12:0 a.m.3 views

CloudBees Jenkins Gitlab Authentication Plugin Authorization Issues Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . An authorization issue vulnerability exists in CloudBees Jenkins Gitlab Authentication Plugin, which can be exploited by an unauthorized attacker to impersonate...

7.5CVSS6.8AI score0.01306EPSS
Exploits0References1
OSV
OSV
added 2019/08/14 9:15 p.m.2 views

CVE-2019-1222

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction...

9.8CVSS8.1AI score0.07586EPSS
Exploits0References3
OSV
OSV
added 2019/08/14 9:15 p.m.1 views

CVE-2019-1226

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction...

9.8CVSS8.1AI score0.07586EPSS
Exploits0References3
OSV
OSV
added 2019/08/14 9:15 p.m.1 views

CVE-2019-1182

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction...

9.8CVSS8.1AI score0.12934EPSS
Exploits0References3
Rows per page
Query Builder