Lucene search
K

145 matches found

ATTACKERKB
ATTACKERKB
added 2022/10/07 7:15 p.m.8 views

CVE-2022-37893

An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x...

7.8CVSS6.1AI score0.00771EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/10/07 12:0 a.m.6 views

PT-2022-24127 · Aruba · Aruba Instant +1

Name of the Vulnerable Software and Affected Versions: Aruba InstantOS versions 6.4.4.8 through 4.2.4.20 and below Aruba InstantOS versions 6.5.4.23 and below Aruba InstantOS versions 8.6.0.18 and below Aruba InstantOS versions 8.7.1.9 and below Aruba InstantOS versions 8.10.0.1 and below ArubaOS...

7.8CVSS7.8AI score0.00771EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/02/04 11:15 p.m.6 views

CVE-2022-22689

CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands...

8.8CVSS7.7AI score0.0128EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/07/22 5:0 p.m.17 views

CVE-2020-5316

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an...

7.8CVSS7.6AI score0.00294EPSS
Exploits0References1
Prion
Prion
added 2021/07/07 2:15 p.m.15 views

Command injection

Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document...

6.5CVSS7.3AI score0.01743EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.6 views

Mongodb Server 安全漏洞

Mongodb Server is the United States Mongodb company's set of open source NoSQL database . The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB that allows privileged execution of arbitrary software...

7.8CVSS7.7AI score0.00201EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/03/02 12:0 a.m.7 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from the USGoogleOpen Handheld Alliance Google. A security vulnerability exists in Google Android/Pixel, which stems from a logic error in the NXP NFC firmware that could allow for an insecure firmware update. This could result in the...

6.7CVSS5.8AI score0.00139EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/12/10 12:0 a.m.7 views

Cisco Jabber 授权问题漏洞

Cisco Jabber is the United States Cisco Cisco company's set of unified communications client solutions. The program provides online status display, instant messaging, voice and other features. There is an authorization issue vulnerability in Cisco Jabber that arises from the software allowing...

9.9CVSS7.6AI score0.01123EPSS
Exploits0References3
0day.today
0day.today
added 2020/09/16 12:0 a.m.91 views

Mida Solutions eFramework ajaxreq.php Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apach...

10CVSS0.5AI score0.98239EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2020/07/07 12:0 a.m.39 views

Dell SupportAssist Uncontrolled Search Path Vulnerability (DSA-2020-005)

Dell SupportAssist for business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an...

7.8CVSS7.8AI score0.00294EPSS
Exploits0References2
OSV
OSV
added 2020/06/22 6:15 p.m.4 views

CVE-2020-11520

The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution...

7.8CVSS7.3AI score0.00419EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2020/04/21 12:0 a.m.132 views

NSClient++ 0.5.2.35 Authenticated Remote Code Execution

Exploit Title: NSClient++ 0.5.2.35 - Authenticated Remote Code Execution Google Dork: N/A Date: 2020-04-20 Exploit Author: kindredsec Vendor Homepage: https://nsclient.org/ Software Link: https://nsclient.org/download/ Version: 0.5.2.35 Tested on: Microsoft Windows 10 Pro x64 CVE: N/A NSClient++ ...

0.5AI score
Exploits0
0day.today
0day.today
added 2020/04/21 12:0 a.m.32 views

NSClient++ 0.5.2.35 - Authenticated Remote Code Execution Exploit

Exploit for jsp platform in category web applications Exploit Title: NSClient++ 0.5.2.35 - Authenticated Remote Code Execution Exploit Author: kindredsec Vendor Homepage: https://nsclient.org/ Software Link: https://nsclient.org/download/ Version: 0.5.2.35 Tested on: Microsoft Windows 10 Pro x64...

7.4AI score
Exploits0
Prion
Prion
added 2020/04/08 6:15 p.m.17 views

Code injection

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 software. Dual Messenger allows installation of an arbitrary APK with resultant privileged code execution. The Samsung ID is SVE-2018-13299 December 2018...

7.5CVSS9.6AI score0.00628EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2020/03/31 8:33 p.m.5 views

kernel: perf_event_open() and execve() race in setuid programs allows a data leak

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

5.6CVSS7.3AI score0.00339EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/03/25 12:0 a.m.5 views

The vulnerability of the Windows Language Pack Installer component on Windows operating systems allows a malicious individual to execute processes under privileged access.

The vulnerability of the Windows Language Pack Installer component in Windows operating systems is related to file operation errors. Exploiting this vulnerability can allow an attacker to execute processes in privileged mode using a specially created application...

7.8CVSS7.3AI score0.00731EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/03/05 12:53 p.m.4 views

infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

8.8CVSS5.7AI score0.03089EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2019/10/24 12:0 a.m.4 views

The vulnerability in the web interface for managing microprogrammed software in Cisco SPA100 Series IP phones allows a perpetrator to execute arbitrary code with elevated privileges.

The vulnerability in the web interface for managing Microprogramming software in Cisco SPA100 Series IP phones is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with elevated privileges using a...

8CVSS6.4AI score0.00578EPSS
Exploits0References2Affected Software2
CNVD
CNVD
added 2019/05/15 12:0 a.m.1 views

Cisco NX-OS Command Injection Vulnerability

Cisco NX-OS is the network operating system for the Cisco Nexus family of Ethernet switches and the MDS family of Fibre Channel storage area network switches. A command injection vulnerability exists in the CLI of Cisco NX-OS. The vulnerability stems from insufficient validation of parameters...

7.8CVSS8.1AI score0.00543EPSS
Exploits0References1
OSV
OSV
added 2019/04/08 10:29 p.m.3 views

DEBIAN-CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...

7.8CVSS8.4AI score0.65005EPSS
Exploits8References1
Rows per page
Query Builder