
19628 matches found

Cvelist
added 2024/09/09 12:0 a.m. · 63 views

CVE-2024-44333

D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious...

EPSS 0.12441
Exploits 0 · References 2
Positive Technologies
added 2024/09/09 12:0 a.m. · 4 views

PT-2024-6518 · D Link · Di-7200Gv2 +4

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 D-Link DI-7100G+V2 version 24.04.18D1 D-Link DI-7100GV2 version 24.04.18D1 D-Link DI-7200GV2 version 24.04.18E1 D-Link DI-7300G+V2 version 24.04.18D1 D-Link DI-7400G+V2 version 24.04.18D1 Description: The...

CVSS 8.8 · AI score 8 · EPSS 0.31751
Exploits 0 · References 6
CVE
added 2024/09/09 12:0 a.m. · 44 views

CVE-2024-44334

CVE-2024-44334 affects D-Link DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 with firmware 24.04.18D1/D1/E1. Root cause: insufficient parameter filtering in the CGI upgrade_filter.asp function allowing Remote Command Execution. Impact: high (Remote Command Execution...

CVSS 8.8 · AI score 7.2 · EPSS 0.31751
Exploits 0 · References 2
CNNVD
added 2024/09/09 12:0 a.m. · 5 views

D-Link Multiple Products Security Vulnerability

D-Link DI-7003G and others are a wireless router from China-based AUO D-Link. A security vulnerability exists in various D-Link products. An attacker exploiting the vulnerability can remotely execute commands. The following products and versions are affected: D-Link DI-7003G v19.12.24A1, DI-7003G...

CVSS 8.8 · AI score 7 · EPSS 0.12441
Exploits 0 · References 3
Positive Technologies
added 2024/09/09 12:0 a.m. · 3 views

PT-2024-32391 · Dataease +1 · Dataease +1

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.25 Description: DataEase is an open source data visualization analysis tool. The PostgreSQL data source function allows customization of JDBC connection parameters and the PG server target. However, the...

CVSS 9.8 · AI score 7.2 · EPSS 0.00569
Exploits 0 · References 10
BDU FSTEC
added 2024/09/09 12:0 a.m. · 6 views

Vulnerability of QTS and QuTS operating systems, as well as Qnap network devices, arises from the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands.

The vulnerability of QTS and QuTS operating systems, as well as Qnap network devices, is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVSS 10 · AI score 5.8 · EPSS 0.00938
Exploits 0 · References 2
Positive Technologies
added 2024/09/06 12:0 a.m. · 6 views

PT-2024-8974 · Dell · Dell Enterprise Sonic Os

Name of the Vulnerable Software and Affected Versions: Dell Enterprise SONiC OS versions 4.1.x through 4.2.x Description: The issue is related to an improper neutralization of special elements used in an OS command, which can be exploited by a high-privileged attacker with remote access to execut...

CVSS 9.1 · AI score 8.6 · EPSS 0.01392
Exploits 0 · References 14
CNNVD
added 2024/09/06 12:0 a.m. · 4 views

QNAP Systems QTS Operating System Command Injection Vulnerability

QNAP Systems QTS is an operating system used by China Weilian Technology QNAP Systems for entry to mid-level QNAP NAS. An operating system command injection vulnerability exists in QNAP Systems QTS version 4.3.6.2805 build 20240619 and prior versions, which stems from the inclusion of an operatin...

CVSS 7.2 · AI score 7.8 · EPSS 0.01212
Exploits 0 · References 3
Positive Technologies
added 2024/09/04 12:0 a.m. · 5 views

PT-2024-31141 · Unknown · Wayos Fbm-291W

Name of the Vulnerable Software and Affected Versions: WAYOS FBM-291W version 19.09.11 Description: The issue is related to Command Execution via msp info htm. This vulnerability occurs through the "msp info htm" endpoint, allowing for command execution. Recommendations: For WAYOS FBM-291W versio...

CVSS 8 · AI score 7.4 · EPSS 0.00528
Exploits 1 · References 6
Packet Storm
added 2024/09/04 12:0 a.m. · 285 views

Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) MVID-2024-0689 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/4dc39c05bcc93e600dd8de16f2f7c599.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.JustJoke.21 BackDoor Pro - v2.0b4 Vulnerability: Unauthenticated Remote Command...

AI score 7.4
Exploits 0
OSV
added 2024/09/03 4:15 p.m. · 7 views

CVE-2024-42991

MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution...

CVSS 8.1 · AI score 7.2
Exploits 0 · References 1
NVD
added 2024/09/03 4:15 p.m. · 12 views

CVE-2024-42991

MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution...

CVSS 8.1 · EPSS 0.00806
Exploits 1 · References 1
Vulnrichment
added 2024/09/03 12:0 a.m. · 13 views

CVE-2024-42991

MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution...

AI score 7.3 · EPSS 0.00806
Exploits 1 · References 1
CVE
added 2024/09/03 12:0 a.m. · 56 views

CVE-2024-42991

CVE-2024-42991 affects MCMS v5.4.1, where a front-end file upload vulnerability can lead to remote command execution. The Red Hat / NVD / OSV / CVE records agree on the symptom; exploitation details are not provided in the connected documents. A practical mitigation mentioned in PT-2024-30245 is ...

CVSS 8.1 · AI score 7 · EPSS 0.00806
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2024/09/03 12:0 a.m. · 5 views

MingSoft MCMS Security Vulnerability

MingSoft MCMS is a complete open source J2ee system from China's MingFei MingSoft. A security vulnerability exists in MingSoft MCMS version v5.4.1, which stems from improper handling of the front-end file upload function, and could lead to remote command execution...

CVSS 8.1 · AI score 7.2 · EPSS 0.00806
Exploits 1 · References 2
Positive Technologies
added 2024/09/03 12:0 a.m. · 5 views

PT-2024-30245 · Mcms · Mcms

Name of the Vulnerable Software and Affected Versions: MCMS version 5.4.1 Description: The issue is related to a front-end file upload vulnerability in MCMS, which can lead to remote command execution. This allows an attacker to execute commands remotely. Recommendations: For MCMS version 5.4.1,...

CVSS 8.1 · AI score 7.7 · EPSS 0.00806
Exploits 1 · References 7
Cvelist
added 2024/09/03 12:0 a.m. · 19 views

CVE-2024-42991

MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution...

EPSS 0.00806
Exploits 1 · References 1
Positive Technologies
added 2024/09/02 12:0 a.m. · 6 views

PT-2024-6139 · Zyxel · Wax655E +4

Name of the Vulnerable Software and Affected Versions: Zyxel NWA1123ACv3 versions 6.70ABVT.4 and earlier Zyxel WAC500 versions 6.70ABVS.4 and earlier Zyxel WAX655E versions 7.00ACDO.1 and earlier Zyxel WBE530 versions 7.00ACLE.1 and earlier Zyxel USG LITE 60AX version V2.00ACIP.2 Description: The...

CVSS 10 · AI score 8.3 · EPSS 0.11269
Exploits 0 · References 57
BDU FSTEC
added 2024/09/02 12:0 a.m. · 4 views

The vulnerability of the Graph Template component of the Centreon IT infrastructure monitoring software’s web interface allows an attacker to execute arbitrary SQL commands.

The vulnerability of the Graph Template component of the Centreon IT infrastructure monitoring software’s web interface is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...

CVSS 9.4 · AI score 6 · EPSS 0.00488
Exploits 0 · References 4 · Affected Software 1
Packet Storm
added 2024/08/31 12:0 a.m. · 187 views

D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution', 'Description' = %q This module exploits an OS Command Injection vulnerability...

AI score 7.4
Exploits 0