Lucene search
K

68 matches found

ATTACKERKB
ATTACKERKB
added 2023/10/14 2:15 a.m.5 views

CVE-2023-45852

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method...

9.8CVSS7.2AI score0.14003EPSS
Exploits1References4
OSV
OSV
added 2023/10/14 2:15 a.m.4 views

CVE-2023-45852

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method...

9.8CVSS6AI score0.14003EPSS
Exploits1References2
Prion
Prion
added 2023/10/14 2:15 a.m.18 views

Authentication flaw

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method...

7.5CVSS10AI score0.14003EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/11/23 5:15 p.m.4 views

CVE-2022-38115

Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT...

5.3CVSS5.8AI score0.00651EPSS
Exploits0References2
0day.today
0day.today
added 2022/05/12 12:0 a.m.392 views

TLR-2005KSH - Arbitrary File Upload Vulnerability

Exploit Title: TLR-2005KSH - Arbitrary File Upload Shodan Dork: title:"Login to TLR-2021" Exploit Author: Ahmed Alroky Author Company : Aiactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-45428 Vulnerability Description...

9.8CVSS0.7AI score0.56931EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/05/11 12:0 a.m.272 views

TLR-2005KSH Arbitrary File Upload

Exploit Title: TLR-2005KSH - Arbitrary File Upload Date: 2022-05-11 Shodan Dork: title:"Login to TLR-2021" Exploit Author: Ahmed Alroky Author Company : Aiactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-45428...

9.8CVSS0.3AI score0.56931EPSS
Exploits5
ATTACKERKB
ATTACKERKB
added 2022/04/07 12:15 p.m.6 views

CVE-2021-46418

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...

7.5CVSS7.2AI score0.23945EPSS
Exploits4References4
NVD
NVD
added 2022/04/07 12:15 p.m.29 views

CVE-2021-46418

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...

7.5CVSS0.23945EPSS
Exploits4References2
Prion
Prion
added 2022/04/07 12:15 p.m.22 views

Design/Logic Flaw

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...

5CVSS7.5AI score0.23945EPSS
Exploits4References2
Cvelist
Cvelist
added 2022/04/07 11:18 a.m.37 views

CVE-2021-46418

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...

7.7AI score0.23945EPSS
Exploits4References2
CVE
CVE
added 2022/04/07 11:18 a.m.109 views

CVE-2021-46418

Telesquare TLR-2855KS6 is affected by CVE-2021-46418. The Nuclei template documents an unauthenticated vulnerability where an HTTP PUT request can create arbitrary files, including CGI scripts, on the device. Impact is described as potentially enabling remote code execution via file creation. Aff...

7.5CVSS7.5AI score0.23945EPSS
Exploits4References2Affected Software1
CNNVD
CNNVD
added 2022/04/07 12:0 a.m.10 views

Telesquare TLR-2855KS6 安全漏洞

The Telesquare TLR-2855KS6 is an LTE router from Telesquare Korea. A security vulnerability exists in the Telesquare TLR-2855KS6 that stems from an unauthorized file creation vulnerability via the PUT method that could allow the creation of CGI scripts...

7.5CVSS7.3AI score0.23945EPSS
Exploits4References5
GithubExploit
GithubExploit
added 2022/02/22 2:9 p.m.469 views

Exploit for Authentication Bypass by Spoofing in Apache Apisix

CVE-2022-24112 CVE-2022-24112: Apache APISIX apisix/batch-re...

9.8CVSS7.5AI score0.96182EPSS
Exploits20
NVD
NVD
added 2022/01/03 2:15 p.m.35 views

CVE-2021-45428

TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...

9.8CVSS0.56931EPSS
Exploits5References2
Prion
Prion
added 2022/01/03 2:15 p.m.12 views

Improper access control

TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...

7.5CVSS9.5AI score0.56931EPSS
Exploits5References2
Cvelist
Cvelist
added 2022/01/03 1:25 p.m.37 views

CVE-2021-45428

TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...

9.8AI score0.56931EPSS
Exploits5References2
CVE
CVE
added 2022/01/03 1:25 p.m.258 views

CVE-2021-45428

Summary: CVE-2021-45428 affects Telesquare TLR-2005KSH 1.0.0. An incorrect access control vulnerability leaves the PUT/WebDAV path enabled, allowing an attacker to upload arbitrary files (e.g., HTML/CGI). This can lead to remote code execution as described in public exploit notes. The NVD metrics...

9.8CVSS9.4AI score0.56931EPSS
Exploits5References2Affected Software1
OSV
OSV
added 2021/12/23 8:15 p.m.5 views

CVE-2021-35243

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server 12.7.7 and earlier, allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the...

7.5CVSS5.9AI score0.009EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/23 12:0 a.m.4 views

Solarwinds Web Help Desk 安全漏洞

Solarwinds Web Help Desk is a suite of help desk and asset management software from Solarwinds USA. The software supports features such as centralized knowledge base, IT asset management, project and task management. A security vulnerability exists in Solarwinds Web Help Desk web server version...

7.5CVSS7.4AI score0.009EPSS
Exploits0References2
Gitee
Gitee
added 2021/10/22 9:52 p.m.5 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq

This is a Python script for exploiting a vulnerability in Apache ActiveMQ. The script is designed to upload a shell to the server using the PUT method. The vulnerability being exploited is CVE-2016-3088. The script requires the user to provide the URL of the ActiveMQ server, the username, and the...

9.8CVSS7.3AI score0.98518EPSS
Exploits19
Rows per page
Query Builder