Lucene search
+L

226 matches found

VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-5127

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...

10CVSS7.2AI score0.45302EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/08/28 8:15 p.m.5 views

CVE-2023-41109

SmartNode SN200 aka SN200 3.21.2-23021 allows unauthenticated OS Command Injection...

9.8CVSS5.8AI score0.64113EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2023/08/28 12:0 a.m.4 views

PT-2023-8337 · Unknown · Smartnode Sn200

Name of the Vulnerable Software and Affected Versions: SmartNode SN200 aka SN200 version 3.21.2-23021 Description: The issue is related to the Network Diagnostic Commands function of the SmartNode SN200 analog telephone adapter's firmware, which fails to neutralize special elements used in an...

9.8CVSS9.3AI score0.64113EPSS
Exploits3References12
Packet Storm
Packet Storm
added 2023/08/24 12:0 a.m.400 views

Chamilo 1.11.18 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chamilo unauthenticated command injection in PowerPoint upload', 'Description' = %q Chamilo is an e-learning platform, also called Learning...

9.8CVSS7.1AI score0.99192EPSS
Exploits9
Rapid7 Blog
Rapid7 Blog
added 2023/08/18 5:22 p.m.65 views

Metasploit Weekly Wrap-Up

Meterpreter Testing This week’s release adds new payload tests to our automated test suite. This is intended to help the team and community members identify issues and behavior discrepancies before changes are made. Payloads run on a variety of different platforms including Windows, Linux, and OS...

7.5CVSS9.7AI score0.98725EPSS
Exploits10
Exploit DB
Exploit DB
added 2023/08/10 12:0 a.m.603 views

TP-Link Archer AX21 - Unauthenticated Command Injection

!/usr/bin/python3 Exploit Title: TP-Link Archer AX21 - Unauthenticated Command Injection Date: 07/25/2023 Exploit Author: Voyag3r https://github.com/Voyag3r-Security Vendor Homepage: https://www.tp-link.com/us/ Version: TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219...

8.8CVSS9AI score0.99999EPSS
Exploits7
Rapid7 Blog
Rapid7 Blog
added 2023/08/04 7:3 p.m.104 views

Metasploit Weekly Wrap-Up

Fly High in the Sky With This New Cloud Exploit! This week, a new module was added that takes advantage of both authentication bypass and command injection in certain versions of Western Digital's MyCloud hardware. Submitted by community member Erik Wynter, this module gains access to the target,...

10CVSS10.7AI score0.99445EPSS
Exploits37
Positive Technologies
Positive Technologies
added 2023/04/25 12:0 a.m.11 views

PT-2023-04: Unauth Command Injection in Zyxel products

An issue was identified in Zyxel products affecting: ATP ZLD V5.10V5.35; USG FLEX ZLD V5.00V5.35; USG FLEX 50W/ USG20W-VPN ZLD V5.10V5.35; VPN ZLD V5.00V5.35. The discovered vulnerability can be exploited by an unauthenticated attacker to modify device configuration data, causing a denial of...

8.1CVSS7AI score0.00693EPSS
Exploits0References1
OSV
OSV
added 2023/03/28 9:15 p.m.3 views

CVE-2023-27394

Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...

9.8CVSS6AI score0.18202EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.11 views

PT-2023-7429 · Unknown · Osprey Pump Controller

Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01 Description: The issue is related to an unauthenticated OS command injection vulnerability. This vulnerability can be exploited to inject and execute arbitrary shell commands through a HTTP POST parameter...

10CVSS9.8AI score0.01658EPSS
Exploits2References5
Metasploit
Metasploit
added 2023/01/24 7:51 p.m.373 views

Cacti 1.2.22 unauthenticated command injection

This module exploits an unauthenticated command injection vulnerability in Cacti through 1.2.22 CVE-2022-46169 in order to achieve unauthenticated remote code execution as the www-data user. The module first attempts to obtain the Cacti version to see if the target is affected. If LOCALDATAID...

9.8CVSS9.2AI score0.99826EPSS
Exploits48
Packet Storm
Packet Storm
added 2022/09/08 12:0 a.m.292 views

Apache Spark Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'Apache Spark Unauthenticated Command Injection RCE', 'Description' = %q This module exploits an unauthenticated command...

8.8CVSS0.7AI score0.92984EPSS
Exploits12
OSV
OSV
added 2022/08/31 4:15 p.m.7 views

CVE-2022-21941

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system...

9.8CVSS5.8AI score0.01949EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/30 7:27 p.m.6 views

CVE-2022-21941

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system...

10CVSS7.3AI score0.01949EPSS
Exploits0References3
Metasploit
Metasploit
added 2022/08/29 6:2 p.m.878 views

Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE

This module exploits an unauthenticated command injection vulnerability in Roxy-WI prior to version 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers. Module Option...

5.5CVSS7.8AI score0.00651EPSS
Exploits3
0day.today
0day.today
added 2022/08/22 12:0 a.m.611 views

FLIR AX8 1.46.16 Remote Command Execution Exploit

-- coding: utf-8 -- Exploit Title: FLIR AX8 Unauthenticated OS Command Injection Exploit Author: Samy Younsi Naqwada https://samy.link Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWok Version: 1.46....

9.8CVSS7.9AI score0.99607EPSS
Exploits11
Trellix
Trellix
added 2022/08/18 12:0 a.m.27 views

A Door Isn’t a Door When It’s Ajar - Part 2

A Door Isn’t a Door When It’s Ajar - Part II By Trellix · August 18, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Introduction Software Hacking Software Hacking Shopping List Vulnerabilities Discovered CVE-2022-31479: Command injection via the web interface Vulnerable...

9.5AI score0.02323EPSS
Exploits0
Packet Storm
Packet Storm
added 2022/05/16 12:0 a.m.410 views

Zyxel Firewall ZTP Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel Firewall ZTP Unauthenticated Command Injection', 'Description' = %q This module exploits CVE-2022-30525, an unauthenticated remote command...

0.2AI score0.99938EPSS
Exploits27
NVD
NVD
added 2022/03/21 11:15 a.m.17 views

CVE-2021-45876

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to an command Injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware...

9.8CVSS0.01464EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/03/21 10:27 a.m.23 views

CVE-2021-45876

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to an command Injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware...

10AI score0.01464EPSS
Exploits0References1
Rows per page
Query Builder