Lucene search
+L

314 matches found

OSV
OSV
added 2024/02/09 4:15 a.m.4 views

CVE-2023-46687

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer...

9.8CVSS6AI score
Exploits0References2
OSV
OSV
added 2024/01/12 3:15 p.m.4 views

CVE-2023-49254

Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, howeve...

8.8CVSS6AI score0.00733EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/12/25 6:15 a.m.4 views

CVE-2022-39818

In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system...

8.8CVSS5.9AI score0.02237EPSS
Exploits1References2
OSV
OSV
added 2023/11/01 6:15 p.m.2 views

CVE-2023-20063

A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense FTD Software and devices that are running Cisco Firepower Management FMC Software could allow an authenticated, local attacker to execute arbitrary commands with root...

8.2CVSS6.1AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2023/10/04 9:15 p.m.4 views

CVE-2023-36618

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users...

8.8CVSS5.9AI score0.03397EPSS
Exploits3References3
OSV
OSV
added 2023/08/16 10:15 p.m.4 views

CVE-2023-20017

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These...

9.1CVSS6.1AI score0.00713EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.6 views

PT-2023-4520 · Cisco · Cisco Intersight Private Virtual Appliance

Name of the Vulnerable Software and Affected Versions: Cisco Intersight Private Virtual Appliance affected versions not specified Description: The issue is due to insufficient input validation when extracting uploaded software packages, allowing an authenticated, remote attacker with Administrato...

9.1CVSS9.2AI score0.00713EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.8 views

PT-2023-4522 · Cisco · Cisco Intersight Private Virtual Appliance

Name of the Vulnerable Software and Affected Versions: Cisco Intersight Private Virtual Appliance affected versions not specified Description: The issue is due to insufficient input validation when extracting uploaded software packages, allowing an authenticated, remote attacker with Administrato...

9.1CVSS9.1AI score0.00713EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2023/08/09 7:15 p.m.6 views

CVE-2023-38997

A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive...

7.2CVSS7.4AI score0.01138EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/07/17 12:0 a.m.3 views

PT-2023-25869 · Casaos · Casaos

Name of the Vulnerable Software and Affected Versions: CasaOS versions prior to 0.4.4 Description: CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification, an unauthenticated attacker can execute arbitrary commands as root on CasaOS instances. The problem was...

9.8CVSS8AI score0.06363EPSS
Exploits1References18
NVD
NVD
added 2023/07/10 4:15 p.m.33 views

CVE-2021-4406

An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC go to the alert manager open the ITSM tab add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' whitespaces are tab characters click add click apply create a test alert The tes...

9.1CVSS9.5AI score0.00964EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/06/28 12:0 a.m.6 views

PT-2023-8202 · Opnsense · Opnsense

Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: A directory traversal vulnerability exists in the Captive Portal templates of OPNsense, allowing attackers to execute arbitrary...

10CVSS7.4AI score0.01138EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/06/27 12:0 a.m.5 views

WAVLINK WL-WN531AX2 安全漏洞

The WAVLINK WL-WN531AX2 is a wireless router from the Chinese company WAVLINK. A security vulnerability exists in WAVLINK WL-WN531AX2 versions prior to 2023526, which originates from allowing a logged in user to execute operating system commands with root privileges...

7.2CVSS7AI score0.00679EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/06/27 12:0 a.m.7 views

WAVLINK WL-WN531AX2 代码问题漏洞

The WAVLINK WL-WN531AX2 is a wireless router from the Chinese company WAVLINK. The WAVLINK WL-WN531AX2 suffers from a code issue vulnerability that stems from the presence of a file upload vulnerability. An attacker can exploit this vulnerability to upload arbitrary files and execute system...

7.2CVSS7.7AI score0.00679EPSS
Exploits0References4
NVD
NVD
added 2023/06/20 8:15 p.m.32 views

CVE-2023-33869

Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands...

9.8CVSS8.3AI score0.01111EPSS
Exploits0References1
Prion
Prion
added 2023/06/20 8:15 p.m.26 views

Command injection

Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands...

7.5CVSS9.7AI score0.01111EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/06/20 7:43 p.m.37 views

CVE-2023-33869 Enphase Envoy OS Command Injection

Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands...

6.3CVSS9.9AI score0.01111EPSS
Exploits0References1
OSV
OSV
added 2023/05/22 4:15 p.m.5 views

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

9.8CVSS6AI score0.00932EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/05/22 4:15 p.m.4 views

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

9.8CVSS5.9AI score0.00932EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/05/18 12:0 a.m.17 views

Cisco DNA Center 安全漏洞

Cisco DNA Center is a network management and command center service from Cisco USA. Cisco DNA Center is vulnerable to an authorization issue. The vulnerability stems from improper authorization of API requests and can be exploited by an authenticated, remote attacker to read information from a...

5.4CVSS7.4AI score0.00485EPSS
Exploits0References2
Rows per page
Query Builder