Lucene search
K

163 matches found

Cvelist
Cvelist
added 2023/05/08 2:3 p.m.21 views

CVE-2023-22784 Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba's access point management protocol UDP port 8211. Successful exploitation of these vulnerabilities...

9.8CVSS9.9AI score0.02068EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/08 2:2 p.m.18 views

CVE-2023-22779 Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba's access point management protocol UDP port 8211. Successful exploitation of these vulnerabilities...

9.8CVSS9.9AI score0.02118EPSS
Exploits0References1
OSV
OSV
added 2023/04/28 7:15 p.m.3 views

CVE-2023-1966

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or...

9.8CVSS7.7AI score0.00916EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/04/03 12:0 a.m.15 views

CVE-2022-43939

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. Recent assessments: gwillcox-r7 at May 10, 2023 5:02pm UTC reported: This is an authentication bypass in Hitachi...

9.8CVSS7.6AI score0.9767EPSS
In wildExploits7References3
GithubExploit
GithubExploit
added 2023/03/26 12:18 a.m.299 views

Exploit for OS Command Injection in Netgate Pfblockerng

pfBlockerNG T...

9.8CVSS9.7AI score0.86446EPSS
Exploits14
Vulnrichment
Vulnrichment
added 2023/03/08 12:27 a.m.7 views

CVE-2023-0090 Proofpoint Enterprise Protection webservices unauthenticated RCE

The webservices in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all...

9.8CVSS9.6AI score0.00738EPSS
Exploits0References1
OSV
OSV
added 2023/03/01 8:15 a.m.3 views

CVE-2023-22754

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute...

9.8CVSS8.2AI score0.01073EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/28 4:33 p.m.9 views

CVE-2023-22753 Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute...

8.1CVSS10AI score0.01073EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/28 4:5 p.m.10 views

CVE-2023-22749 Multiple Unauthenticated Command Injections in the PAPI Protocol

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba Networks access point management protocol UDP port 8211. Successful exploitation of these vulnerabilities result in the...

9.8CVSS9.1AI score0.0174EPSS
Exploits0References1
CVE
CVE
added 2023/02/28 4:5 p.m.78 views

CVE-2023-22749

ArubaOS (Aruba Mobility Controllers/OS) exposes multiple command-injection vulnerabilities in PAPI, allowing unauthenticated remote code execution via crafted packets to UDP port 8211. Impact is execution of arbitrary code as a privileged OS user. Exploitation details are not provided in the docu...

9.8CVSS10AI score0.0174EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/02/25 1:7 a.m.22 views

CVE-2023-26035 ZoneMinder vulnerable to Missing Authorization

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

7.2CVSS9.6AI score0.80462EPSS
Exploits11References2
Debian CVE
Debian CVE
added 2023/02/25 1:7 a.m.43 views

CVE-2023-26035

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

9.8CVSS4AI score0.80462EPSS
Exploits11
AlpineLinux
AlpineLinux
added 2023/02/25 1:7 a.m.44 views

CVE-2023-26035

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

9.8CVSS8.2AI score0.80462EPSS
Exploits11
GithubExploit
GithubExploit
added 2023/01/31 8:29 p.m.165 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4j Vulnerability --- --- --- Tutorial: https...

10CVSS9.9AI score0.99999EPSS
Exploits479
0day.today
0day.today
added 2022/12/24 12:0 a.m.401 views

OpenTSDB 2.4.0 Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 CVE-2020-35476 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If...

9.8CVSS9.9AI score0.8533EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/12/15 12:0 a.m.254 views

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x upload.cgi Code Execution

!/usr/bin/env python SOUND4 IMPACT/FIRST/PULSE/Eco =2.x upload.cgi Unauthenticated Remote Code Execution Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Versio...

7.4AI score
Exploits0
NCSC
NCSC
added 2022/12/12 12:0 a.m.5 views

Vulnerability fixed in FortiOS SSL-VPN

Fortinet has fixed a vulnerability in FortiOS SSL-VPN. A unauthenticated remote malicious party can exploit the vulnerability exploit it to execute arbitrary code. This requires malicious network traffic must be sent to the vulnerable interface sent. Fortinet says it is aware of an incident in...

9.8CVSS7.5AI score0.99474EPSS
Exploits11
Trellix
Trellix
added 2022/08/11 12:0 a.m.27 views

A Door Isn’t a Door When It’s Ajar- Part 1

A Door Isn’t a Door When It’s Ajar - Part 1 By Trellix · August 11, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Executive Summary Target Selection What is it? Reconnaissance & Standard Operations Recon Standard Operations Hardware Hacking Hardware Hacking Shopping Lis...

10CVSS8.7AI score0.02323EPSS
Exploits0
NVD
NVD
added 2022/08/02 4:15 p.m.17 views

CVE-2022-35223

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate...

9.8CVSS0.01265EPSS
Exploits0References2
CVE
CVE
added 2022/07/19 2:51 p.m.855 views

CVE-2022-35405

CVE-2022-35405 affects Zoho ManageEngine PAM360 (before 5.5/5510) and Password Manager Pro (before 12.1/12101), plus Access Manager Plus (before 4.3/4303 with auth). The root cause is a Java deserialization issue in XML-RPC handling that enables unauthenticated RCE for Password Manager Pro and PA...

9.8CVSS9.7AI score0.9994EPSS
In wildExploits5References3Affected Software3
Rows per page
Query Builder