Lucene search

19639 matches found

OSV
added 2024/06/20 1:15 p.m. · 4 views

CVE-2024-6186

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument adlogname leads to os command injection. It is possible to initiate the attack remotely. The exploi...

9.8 CVSS · 5.5 AI score · 0.08722 EPSS
Exploits 1 · References 4
OSV
added 2024/06/20 1:15 p.m. · 3 views

CVE-2024-6187

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/subcommit.php. The manipulation of the argument key leads to os command injection. The attack can be initiated remotely. The exploit has been...

9.8 CVSS · 5.7 AI score · 0.07638 EPSS
Exploits 1 · References 4
OSV
added 2024/06/20 12:15 p.m. · 2 views

CVE-2024-6185

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Affected by this issue is the function getipaddrdetails of the file /view/dhcp/dhcpConfig/commit.php. The manipulation of the argument ethname leads to os command injection. The attack may be launched remotely...

8.8 CVSS · 6.2 AI score
Exploits 0 · References 4
BDU FSTEC
added 2024/06/20 12:0 a.m. · 4 views

The vulnerability of ASUS routers, related to the unlimited loading of dangerous files, allows attackers to execute arbitrary commands.

The vulnerability of ASUS routers is related to the unlimited loading of malicious files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10 CVSS · 6.2 AI score · 0.01031 EPSS
Exploits 2 · References 2 · Affected Software 14
Positive Technologies
added 2024/06/20 12:0 a.m. · 3 views

PT-2024-27683 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version 1.0.1-B20201211.2000 Description: A command injection issue allows a remote attacker to execute arbitrary code via the iface parameter in the vif enable function. This enables the attacker to inject and execute command...

8.8 CVSS · 8.8 AI score · 0.01782 EPSS
Exploits 1 · References 6
Positive Technologies
added 2024/06/20 12:0 a.m. · 3 views

PT-2024-37441 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC version 1.0 Description: A critical vulnerability has been found in the file /view/vpn/autovpn/subcommit.php, where the manipulation of the key argument leads to os command injection. The attack can be initiated remotely. The...

9.8 CVSS · 7.5 AI score · 0.07638 EPSS
Exploits 1 · References 9
BDU FSTEC
added 2024/06/18 12:0 a.m. · 8 views

The vulnerability of the PT Network Attack Discovery (PT NAD) traffic analysis system arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands on behalf of the superuser.

The vulnerability of the PT Network Attack Discovery (PT NAD) traffic analysis system exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on behalf of the superuser...

9.6 CVSS · 6 AI score
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/06/17 12:0 a.m. · 3 views

GeoVision EOL Operating System Command Injection Vulnerability

GeoVision EOL is a series of surveillance devices from GeoVision Japan. The GeoVision EOL suffers from an operating system command injection vulnerability that stems from an inability to properly filter user input. A remote attacker could exploit this vulnerability to inject and execute arbitrary...

9.8 CVSS · 8.1 AI score · 0.09992 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/06/17 12:0 a.m. · 3 views

PT-2024-5054

Name of the Vulnerable Software and Affected Versions: GeoVision devices, affected versions not specified Description: The issue exists due to the failure to properly filter user input for specific functionality, allowing unauthenticated remote attackers to inject and execute arbitrary system comman...

9.8 CVSS · 9.6 AI score · 0.09992 EPSS
Exploits 1 · References 57
OSV
added 2024/06/15 11:7 p.m. · 8 views

MGASA-2024-0224 Updated atril packages fix security vulnerability

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

8.5 CVSS · 8.5 AI score · 0.01016 EPSS
Exploits 2 · References 3
Mageia
added 2024/06/15 11:7 p.m. · 37 views

Updated atril packages fix security vulnerability

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

8.5 CVSS · 7.5 AI score · 0.01016 EPSS
Exploits 2 · References 2
Rockylinux
added 2024/06/14 1:59 p.m. · 33 views

pcp security update

An update is available for pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...

8.8 CVSS · 7.2 AI score · 0.01002 EPSS
Exploits 0
OSV
added 2024/06/14 1:59 p.m. · 29 views

RLSA-2024:3264 Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...

8.8 CVSS · 8.8 AI score · 0.01002 EPSS
Exploits 0 · References 2
Gitee
added 2024/06/14 8:9 a.m. · 59 views

Exploit for Deserialization of Untrusted Data in Apache Dubbo

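Apache ActiveMQ remote command execution vulnerability. Affected versions: 5.18.0=Apache ActiveMQ5.18.3, 5.17.0=Apache ActiveMQ5.17.6, 5.16.0=Apache ActiveMQ5.16.7, 5.15.0=Apache ActiveMQ5.15.15 Exploitation method: by exploiting the deserialization vulnerability in ActiveMQ, arbitrary commands can be executed. Reproduction with command output echoed: Exploit scripts: https://github.com/Fw-fW-fw/activemqThrowable, https://github.com/sincere9/Apache-ActiveMQ-RCE Apach...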

9.8 CVSS · 7 AI score · 0.07401 EPSS
Exploits 2
GithubExploit
added 2024/06/14 7:4 a.m. · 1008 views

Exploit for CVE-2024-27173

Poc CVE-2024-27173 Join t.me/SpiderzTM - Shodan and FOFA D...

9.8 CVSS · 7.1 AI score · 0.03166 EPSS
Exploits 2
NVD
added 2024/06/14 4:15 a.m. · 15 views

CVE-2024-27172

Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference URL...

9.8 CVSS · 0.26811 EPSS
Exploits 1 · References 4
Vulnrichment
added 2024/06/14 4:4 a.m. · 24 views

CVE-2024-27175 Local File Inclusion

Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference URL...

4.4 CVSS · 6.9 AI score · 0.00851 EPSS
Exploits 1 · References 4
CVE
added 2024/06/14 4:4 a.m. · 54 views

CVE-2024-27175

CVE-2024-27175 affects Toshiba e-STUDIO/MFP devices, where a Local File Inclusion vulnerability allows an attacker to read arbitrary files on the printer via unsafely processed input. The root cause is insufficient validation of filename input, enabling information disclosure via the device UI or...

4.4 CVSS · 5.2 AI score · 0.00851 EPSS
Exploits 1 · References 4
Cvelist
added 2024/06/14 4:3 a.m. · 18 views

CVE-2024-27174 insecure upload

Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and is difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this...

9.8 CVSS · 0.01635 EPSS
Exploits 1 · References 4
CVE
added 2024/06/14 4:3 a.m. · 59 views

CVE-2024-27174

CVE-2024-27174 affects Toshiba multi-function printers (e.g., Toshiba e-STUDIO/MFP family) via the Remote Command program, enabling remote code execution. Root cause involves the Remote Command component allowing untrusted input to trigger code execution; impact includes full confidentiality, int...

9.8 CVSS · 10 AI score · 0.01635 EPSS
Exploits 1 · References 4