CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2018/03/07 12:0 a.m.•1 views

PrivateVPN for macOS Privilege Permission and Access Control Vulnerability

PrivateVPN for macOS is a macOS-based VPN software for anonymous access to the Internet. A privilege permission and access control vulnerability exists in PrivateVPN for macOS based platforms. The vulnerability can be exploited by an attacker to execute arbitrary code as root by sending a malicio...

10CVSS7.8AI score0.00695EPSS

CNVD•added 2018/03/07 12:0 a.m.•2 views

PrivateVPN for macOS Privilege Permission and Access Control Vulnerability (CNVD-2018-04750)

PrivateVPN for macOS is a macOS-based VPN software for anonymous access to the Internet. A privilege permission and access control vulnerability exists in PrivateVPN for macOS-based platforms. An attacker can exploit the vulnerability by sending an XPC message to the XPC service with a...

10CVSS7.3AI score0.00695EPSS

OSV•added 2018/02/27 7:29 p.m.•2 views

DEBIAN-CVE-2018-6533

An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code a larger...

7.8CVSS7.4AI score0.00047EPSS

OSV•added 2018/02/06 3:29 p.m.•1 views

CVE-2018-6289

Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1...

9.8CVSS5.8AI score0.02269EPSS

Exploits1References2

OSV•added 2018/01/25 5:29 p.m.•2 views

CVE-2018-5997

An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root...

9.8CVSS6.3AI score

OSV•added 2018/01/03 8:29 p.m.•0 views

UBUNTU-CVE-2017-1000469

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user...

9.8CVSS7.5AI score0.0095EPSS

Exploits1References5

Exploit DB•added 2018/01/03 12:0 a.m.•51 views

WDMyCloud < 2.30.165 - Multiple Vulnerabilities

WDMyCloud Multiple Vulnerabilities Vendor: Western Digital Product: WDMyCloud Version: = 2.30.165 Website: https://www.wdc.com/products/network-attached-storage.html / / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// // /// // GulfTech Research and Development...

7.4AI score

Exploits0

Packet Storm•added 2017/12/19 12:0 a.m.•219 views

Palo Alto Networks PAN-OS Cookie Injection

!/bin/bash Exploit Title: Fake Cookie Injection PoC - CVE-2017-15944 Date: December 15, 2017 Description: Create a take custom cookie and then verify it. CVE: CVE-2017-15944 Author: Fernando Lagos Zerial https://twitter.com/Zerial https://blog.zerial.org https://nivel4.com Example: $ bash...

0.6AI score0.94021EPSS

seebug.org•added 2017/12/14 12:0 a.m.•130 views

Palo Alto Networks firewalls remote root code execution(CVE-2017-15944)

This is a public advisory for CVE-2017-15944 which is a remote root code execution bug in Palo Alto Networks firewalls. Three separate bugs can be used together to remotely execute commands as root through the web management interface without authentication on: PAN-OS 6.1.18 and earlier, PAN-OS...

7.5CVSS0.94021EPSS

Exploit DB•added 2017/12/14 12:0 a.m.•131 views

Palo Alto Networks Firewalls - Root Remote Code Execution

9.8CVSS9.6AI score0.94021EPSS

CNVD•added 2017/12/14 12:0 a.m.•3 views

Western Digital MyCloud PR4100 Web Management Component 'multi_uploadify' File Upload Vulnerability

The Western Digital MyCloud PR4100 is a networked cloud storage device from Western Digital.The web administration component is one of the web administration components. A security vulnerability exists in the Web administration component of the Western Digital MyCloud PR4100 version 2.30.172. An...

10CVSS7.9AI score0.83376EPSS

Exploits6References1

Packet Storm•added 2017/12/13 12:0 a.m.•126 views

Palo Alto Networks Firewalls Remote Root Code Execution

Hello, This is a public advisory for CVE-2017-15944 which is a remote root code execution bug in Palo Alto Networks firewalls. Three separate bugs can be used together to remotely execute commands as root through the web management interface without authentication on: PAN-OS 6.1.18 and earlier,...

0.3AI score0.94021EPSS

RedhatCVE•added 2017/11/24 4:19 p.m.•16 views

CVE-2017-16834

PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account...

7.8CVSS6.7AI score0.00038EPSS

NVD•added 2017/11/16 2:29 a.m.•10 views

CVE-2017-16834

7.8CVSS7.9AI score0.00038EPSS

OSV•added 2017/11/16 2:29 a.m.•8 views

CVE-2017-16834

7.8CVSS7.7AI score

UbuntuCve•added 2017/11/16 2:29 a.m.•14 views

CVE-2017-16834

7.8CVSS7.5AI score0.00038EPSS

Cvelist•added 2017/11/16 2:0 a.m.•15 views

CVE-2017-16834

7.9AI score0.00038EPSS

OSV•added 2017/09/26 1:29 a.m.•1 views

CVE-2017-9958

An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root...

7.8CVSS7.6AI score0.00055EPSS

OSV•added 2017/09/08 6:29 p.m.•1 views

CVE-2016-5759

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root...

7.8CVSS5.8AI score