Lucene search
K

746 matches found

BDU FSTEC
BDU FSTEC
added 2024/06/18 12:0 a.m.8 views

The vulnerability of the executeWmicCmd method on the software platform of the integrated networking management device D-Link D-View allows a hacker to execute arbitrary code in the root context.

The vulnerability of the executeWmicCmd method in the D-Link D-View software platform exists because measures to neutralize the special elements used in the operating system command have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the root...

9CVSS8.2AI score0.01929EPSS
Exploits0References4Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2024/06/18 12:0 a.m.41 views

Hewlett Packard Enterprise OneView Apache Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REST service, which listens on TCP port 443 by...

8.2CVSS7.2AI score0.99999EPSS
Exploits5References1
BDU FSTEC
BDU FSTEC
added 2024/06/17 12:0 a.m.8 views

The vulnerability of the queryDeviceCustomMonitorResult method in the software platform of the D-Link D-View integrated network management system allows a hacker to execute arbitrary code in the root context.

The vulnerability of the queryDeviceCustomMonitorResult method in the D-Link D-View integrated network management software is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of the root user...

9CVSS8AI score0.01847EPSS
Exploits0References4Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2024/06/12 12:0 a.m.23 views

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS7.8AI score0.02585EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/12 12:0 a.m.31 views

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS7.8AI score0.02585EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/10 12:0 a.m.13 views

(Pwn2Own) NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issu...

7.5CVSS7AI score0.00555EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/06/07 12:0 a.m.9 views

The vulnerability of the executable file cmxddns in the microprogramming software of TP-Link Omada er605 allows a hacker to execute arbitrary code in the root context.

The vulnerability of the executable file cmxddnsd of the TP-Link Omada er605 microcontroller software is related to the use of weak security mechanisms. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the root context...

5CVSS6.6AI score0.00344EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/06/07 12:0 a.m.7 views

The vulnerability of TP-Link Omada er605’s microprogramming software arises from incorrect processing of DDNS error codes, allowing a intruder to execute any arbitrary code in the root context.

The vulnerability of TP-Link Omada er605 microprogramming software is caused by incorrect processing of DDNS error codes. Exploiting this vulnerability allows a remote attacker to execute any code within the root context...

7.5CVSS7.4AI score0.00791EPSS
Exploits1References5
NVD
NVD
added 2024/06/06 6:15 p.m.32 views

CVE-2024-5267

Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS0.00743EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/06 5:50 p.m.20 views

CVE-2024-5267 Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability

Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS7.8AI score0.00743EPSS
Exploits0References1
CVE
CVE
added 2024/06/06 5:50 p.m.50 views

CVE-2024-5267

CVE-2024-5267 describes a vulnerability in Sonos Era 100 where the SMB2 message handling allows an out-of-bounds write that can execute code with root privileges. The flaw comes from inadequate validation of user-supplied data, enabling a network-adjacent attacker (no authentication required) to ...

8.8CVSS9.1AI score0.00743EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/06/06 5:50 p.m.23 views

CVE-2024-5267 Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability

Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS0.00743EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/31 12:0 a.m.4 views

PT-2024-35407 · Sonos · Sonos Era 100

Name of the Vulnerable Software and Affected Versions: Sonos Era 100 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this issue...

8.8CVSS7.5AI score0.00743EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2024/05/31 12:0 a.m.20 views

Lexmark CX331adwe Firmware Downgrade Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /usr/bin/hydra service, which listens on TCP port 9100 by...

6.3CVSS7.3AI score0.00267EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/31 12:0 a.m.27 views

(Pwn2Own) Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SMB2 messages. The issue results from the lack of...

8.8CVSS7.5AI score0.01203EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/29 12:0 a.m.25 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 Untrusted Search Path Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...

7.8CVSS7.5AI score0.0038EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/24 12:0 a.m.16 views

(0Day) D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the executeWmicCmd method. The...

8.8CVSS7.8AI score0.01929EPSS
Exploits0References1
OSV
OSV
added 2024/05/23 10:15 p.m.3 views

CVE-2024-5298

D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existi...

8.8CVSS6.2AI score0.01847EPSS
Exploits0References1
NVD
NVD
added 2024/05/23 10:15 p.m.30 views

CVE-2024-5291

D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS9.2AI score0.01966EPSS
Exploits0References1
NVD
NVD
added 2024/05/23 10:15 p.m.23 views

CVE-2024-5228

TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this...

7.5CVSS8AI score0.00513EPSS
Exploits0References1
Rows per page
Query Builder