52 matches found

Packet Storm
added 2022/11/02 12:0 a.m., 542 views

Apache CouchDB Erlang Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Couchdb Erlang RCE', 'Description' = %q In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installatio...

CVSS: 10, AI score: 0.2, EPSS: 0.92335
Exploits: 8

Fedora
added 2022/07/30 1:55 a.m., 10 views

[SECURITY] Fedora 36 Update: golang-github-a8m-tree-0-0.17.20210725gitce3525c.fc36

An implementation of the Unix tree command written in Go, that can be used programmatically...

AI score: 1.8
Exploits: 0

0day.today
added 2021/11/10 12:0 a.m., 335 views

Microsoft OMI Management Interface Authentication Bypass Exploit

This Metasploit module demonstrates that by removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September...

CVSS: 9.8, AI score: 7.6, EPSS: 0.99723
Exploits: 20

Packet Storm
added 2020/12/24 12:0 a.m., 1243 views

Apache Struts 2 Forced Multi OGNL Evaluation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Forced Multi OGNL Evaluation', 'Description' = %q The Apache Struts framework, when forced, performs double evaluation of...

CVSS: 7.5, AI score: 9.8, EPSS: 0.97399
Exploits: 23

0day.today
added 2020/11/12 12:0 a.m., 121 views

SaltStack Salt REST API Arbitrary Command Execution Exploit

This Metasploit module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8,...

CVSS: 9.8, AI score: 9.4, EPSS: 0.99585
Exploits: 5

Packet Storm
added 2020/09/22 12:0 a.m., 297 views

Artica Proxy 4.30.000000 Authentication Bypass / Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection', 'Description' = %q This module exploits an authenticated command...

CVSS: 9, AI score: 1.1, EPSS: 0.93967
Exploits: 8

Fedora
added 2020/07/13 1:39 a.m., 26 views

[SECURITY] Fedora 31 Update: python-gnupg-0.4.6-1.fc31

GnuPG bindings for python. This uses the gpg command...

CVSS: 7.5, AI score: 1.5, EPSS: 0.08548
Exploits: 2

Packet Storm
added 2020/05/12 12:0 a.m., 259 views

SaltStack Salt Master/Minion Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master/Minion Unauthenticated RCE', 'Description' = %q This module exploits unauthenticated access to the runner and sendpub metho...

CVSS: 7.5, AI score: 0.9, EPSS: 0.96405
Exploits: 25

Metasploit
added 2020/04/27 3:50 p.m., 72 views

Apache Shiro v1.2.4 Cookie RememberME Deserial RCE

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Shiro v1.2.4. Note that other versions of Apache Shiro may also be exploitable if the encryption key used by Shiro to encrypt rememberMe cookies is known. This module requires Metasploit:...

CVSS: 9.8, AI score: 8.2, EPSS: 0.93143
Exploits: 9

Gentoo Linux
added 2020/04/01 12:0 a.m., 51 views

ledger: Multiple vulnerabilities

Background Ledger is a powerful, double-entry accounting system that is accessed from the UNIX command-line. Description Multiple vulnerabilities have been discovered in ledger. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process...

CVSS: 7.8, AI score: 5, EPSS: 0.01974
Exploits: 2

UbuntuCve
added 2020/03/18 10:15 p.m., 15 views

CVE-2020-10674

PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open...

CVSS: 9.8, AI score: 7.5, EPSS: 0.01281
Exploits: 0, References: 3

UbuntuCve
added 2019/11/19 5:15 p.m., 12 views

CVE-2011-2921

ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges...

CVSS: 10, AI score: 7.3, EPSS: 0.82828
Exploits: 6, References: 2

RedHat Linux
added 2019/11/05 10:22 p.m., 68 views

Important: Red Hat Security Advisory: sudo security update

An update for sudo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS: 9, AI score: 7.2, EPSS: 0.63917
Exploits: 10, References: 2

Debian CVE
added 2019/09/27 8:7 p.m., 34 views

CVE-2019-16928

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in stringvformat in string.c involving a long EHLO command...

CVSS: 9.8, AI score: 10, EPSS: 0.42482
Exploits: 3

Debian CVE
added 2019/07/05 1:22 p.m., 22 views

CVE-2019-13313

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line...

CVSS: 7.8, AI score: 5.5, EPSS: 0.00431
Exploits: 0

Packet Storm
added 2015/03/27 12:0 a.m., 114 views

QNAP Web Server Remote Code Execution

Exploit Title: QNAP Web server remote code execution via Bash Environment Variable Code Injection Date: 7 February 2015 Exploit Author: Patrick Pellegrino | [email protected] work / [email protected] other Employer homepage:...

CVSS: 10, AI score: 10, EPSS: 0.99999
Exploits: 130

seebug.org
added 2014/07/01 12:0 a.m., 25 views

Class-1 Forum <= 0.24.4 - Remote Code Execution Exploit

No description provided by source. ?php 6.44 08/09/2005 Class-1 Forum sql injection / remote code execution poc exploit coded by rgod - http://rgod.altervista.org make these changes in php.ini if you have troubles with this script: allowcalltimepassreference = on registerglobals = on this is my...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2012/01/06 12:0 a.m., 11 views

Successful Shell Attack Detected - Unix 'date' Command

Binary data 6171.prm...

AI score: 7.3
Exploits: 0

Tenable Nessus
added 2012/01/06 12:0 a.m., 14 views

Successful Shell Attack Detected - Unix Failed 'which' Command

Binary data 6158.prm...

AI score: 7.3
Exploits: 0

Tenable Nessus
added 2012/01/06 12:0 a.m., 13 views

Successful Shell Attack Detected - Unix 'ls -a' Command

Binary data 6139.prm...

AI score: 7.3
Exploits: 0