
19641 matches found

BDU FSTEC
added 2024/05/31 12:0 a.m. · 6 views

The vulnerability of TP-Link Archer C5400X(EU) Wi-Fi routers’ microprogramming software lies in the lack of measures taken to clean data at the control level. This allows attackers to execute arbitrary commands with elevated privileges.

The vulnerability of TP-Link Archer C5400XEU Wi-Fi routers’ microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with elevated privileges...

CVSS 10 · AI score 6.2 · EPSS 0.03244
Exploits: 0 · References: 3

Japan Vulnerability Notes
added 2024/05/30 5:39 a.m. · 1 views

awkblog vulnerable to OS command injection

Overview awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability CWE-78. Keigo YAMAZAKI of LAC Co., Ltd. / Nuligen Security Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

CVSS 9.8 · AI score 7.6 · EPSS 0.01571
Exploits: 0 · References: 4

Positive Technologies
added 2024/05/30 12:0 a.m. · 6 views

PT-2024-4058 · Totolink · Totolink Lr350

Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version V9.3.5u.6369 B20220309 Description: The issue is related to the NTPSyncWithHost function in the TOTOLINK LR350 router's firmware, which lacks input validation. This can be exploited by a remote attacker to execute...

CVSS 9.8 · AI score 7.9 · EPSS 0.01386
Exploits: 0 · References: 11

BDU FSTEC
added 2024/05/29 12:0 a.m. · 3 views

The vulnerability of the /view/vpn/autovpn/sub_commit.php file in the Ruijie RG-UAC router microprogramming software allows a perpetrator to execute any command they desire.

The vulnerability of the /view/vpn/autovpn/sub_commit.php file in the Ruijie RG-UAC router microprogramming software exists due to the failure to neutralize the special elements used in an operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 6.5 · AI score 5.9 · EPSS 0.07871
Exploits: 0 · References: 5 · Affected Software: 1

BDU FSTEC
added 2024/05/29 12:0 a.m. · 6 views

The vulnerability of the /view/vpn/autovpn/online.php file in the Ruijie RG-UAC router microprogramming software allows a hacker to execute any command they desire.

The vulnerability of the /view/vpn/autovpn/online.php file in the Ruijie RG-UAC router microprogramming software exists due to the failure to neutralize the special elements used in an operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 6.5 · AI score 5.9 · EPSS 0.07871
Exploits: 0 · References: 5 · Affected Software: 1

BDU FSTEC
added 2024/05/29 12:0 a.m. · 8 views

The vulnerability of the /view/systemConfig/sys_user/user_commit.php file in the Ruijie RG-UAC router microprogramming system allows an attacker to execute any command they desire.

The vulnerability of the /view/systemConfig/sys_user/user_commit.php file in the Ruijie RG-UAC network management tool exists due to the failure to eliminate special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...

CVSS 6.5 · AI score 5.8 · EPSS 0.0905
Exploits: 0 · References: 5 · Affected Software: 1

BDU FSTEC
added 2024/05/29 12:0 a.m. · 4 views

The vulnerability of the /view/vpn/autovpn/online_check.php file in the Ruijie RG-UAC router micro-programming software allows a perpetrator to execute any command they desire.

The vulnerability of the /view/vpn/autovpn/online_check.php file in the Ruijie RG-UAC router microprogramming software exists due to the failure to neutralize the special elements used in an operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...

CVSS 6.5 · AI score 5.9 · EPSS 0.07871
Exploits: 0 · References: 5 · Affected Software: 1

BDU FSTEC
added 2024/05/29 12:0 a.m. · 4 views

The vulnerability of the addVlan function (/view/networkConfig/vlan/vlan_add_commit.php) in the Tenda FH1206 router software allows a hacker to trigger a service failure.

The vulnerability of the addVlan function (/view/networkConfig/vlan/vlan_add_commit.php) of the Tenda FH1206 router software relates to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute...

CVSS 5.5 · AI score 5.9 · EPSS 0.0184
Exploits: 1 · References: 2

BDU FSTEC
added 2024/05/29 12:0 a.m. · 5 views

The vulnerability of the OXMF template parser component in the OX App Suite software allows a perpetrator to execute arbitrary commands and gain access to read, modify, or delete data.

The vulnerability of the OXMF template parser component in the OX App Suite program lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely and gain acces...

CVSS 10 · AI score 8 · EPSS 0.0133
Exploits: 0 · References: 5 · Affected Software: 2

BDU FSTEC
added 2024/05/29 12:0 a.m. · 3 views

The vulnerability of the /view/networkConfig/GRE/gre_edit_commit.php file in the Ruijie RG-UAC router microprogramming software allows an attacker to execute any command they desire.

The vulnerability of the /view/networkConfig/GRE/gre_edit_commit.php file in the Ruijie RG-UAC router microprogramming software exists due to the failure to neutralize the special elements used in an operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVSS 6.5 · AI score 5.9 · EPSS 0.05044
Exploits: 0 · References: 6 · Affected Software: 1

NVD
added 2024/05/28 8:16 p.m. · 9 views

CVE-2023-46694

Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality...

CVSS 8.1 · AI score 7 · EPSS 0.00941
Exploits: 1 · References: 1

Cvelist
added 2024/05/28 7:21 p.m. · 26 views

CVE-2023-46694

Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality...

AI score 7 · EPSS 0.00941
Exploits: 1 · References: 1

RedHat Linux
added 2024/05/28 12:48 p.m. · 25 views

Important: Red Hat Security Advisory: pcp security update

An update for pcp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

CVSS 8.8 · AI score 7.1 · EPSS 0.01002
Exploits: 0 · References: 2

RedHat Linux
added 2024/05/28 12:48 p.m. · 8 views

pcp: exposure of the redis server backend allows remote command execution via pmproxy

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...

CVSS 8.8 · AI score 6.9 · EPSS 0.01002
Exploits: 0 · References: 4

CNNVD
added 2024/05/28 12:0 a.m. · 3 views

Vtenext security vulnerability

Vtenext is a Customer Relationship Management system from the Italian company Vtenext that helps users manage the CRM process in their business activities. A security vulnerability exists in Vtenext version 21.02, which arises from the application's failure to implement proper authentication...

CVSS 8.1 · AI score 7.2 · EPSS 0.00941
Exploits: 1 · References: 2

Positive Technologies
added 2024/05/28 12:0 a.m. · 5 views

PT-2024-13371 · Vtenext +1 · Vtenext +1

Name of the Vulnerable Software and Affected Versions: Vtenext version 21.02 Description: The issue allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication...

CVSS 8.1 · AI score 7.8 · EPSS 0.00941
Exploits: 1 · References: 2

Tenable Nessus
added 2024/05/28 12:0 a.m. · 15 views

RHEL 8 : pcp (RHSA-2024:3392)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3392 advisory. Performance Co-Pilot PCP is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

CVSS 8.8 · AI score 7.4 · EPSS 0.01002
Exploits: 0 · References: 4

CVE
added 2024/05/27 6:59 a.m. · 44 views

CVE-2024-5403

CVE-2024-5403 affects ASKEY 5G NR Small Cell. The issue is an OS/command-injection vulnerability caused by improper filtering of user input for certain functionalities, enabling remote attackers with administrator privileges to execute arbitrary system commands on the remote server. CVSSv3.1 metr...

CVSS 7.2 · AI score 7.4 · EPSS 0.00562
Exploits: 0 · References: 1

OSV
added 2024/05/27 6:15 a.m. · 4 views

CVE-2024-5400

Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote server...

CVSS 8.8 · AI score 6.1 · EPSS 0.00578
Exploits: 0 · References: 1

OSV
added 2024/05/27 4:15 a.m. · 5 views

CVE-2024-5399

Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server...

CVSS 7.2 · AI score 6.1 · EPSS 0.00562
Exploits: 0 · References: 1