
2170 matches found

Prion
added 2023/02/01 2:15 a.m., 10 views

Arbitrary file deletion

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...

7.5 CVSS, 9.7 AI score, 0.00761 EPSS
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2023/02/01 12:0 a.m., 7 views

CVE-2022-47769

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...

9.8 AI score, 0.00761 EPSS
Exploits 1, References 2
Cvelist
added 2023/02/01 12:0 a.m., 15 views

CVE-2022-47769

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...

9.9 AI score, 0.00761 EPSS
Exploits 1, References 2
CVE
added 2023/02/01 12:0 a.m., 40 views

CVE-2022-47769

CVE-2022-47769 involves Serenissima Informatica Fast Checkin v1.0 and is an arbitrary file write vulnerability. An unauthenticated attacker can upload malicious files to the web root, which can lead to full server access via a web shell. The underlying issue is improper handling of file uploads a...

9.8 CVSS, 9.6 AI score, 0.00761 EPSS
Exploits 1, References 2, Affected Software 1
CNNVD
added 2023/02/01 12:0 a.m., 3 views

Serenissima Informatica Fast Checkin Code Issue Vulnerability

Serenissima Informatica Fast Checkin is an application from Serenissima, Inc. A security vulnerability exists in Serenissima Informatica Fast Checkin version 1.0, which originates from a vulnerability that allows an unauthenticated attacker to access the server via the web shell by uploading...

9.8 CVSS, 8.6 AI score, 0.00761 EPSS
Exploits 1, References 3
The Hacker News
added 2023/01/24 2:37 p.m., 2 views

Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers. "The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through...

7.2 AI score
Exploits 0
Packet Storm
added 2023/01/23 12:0 a.m., 663 views

Food Ordering System 2 Shell Upload

Title: Food Ordering System v2 File upload Vulnerability + web-shell upload - RCE Author: nu11secur1ty Date: 01.23.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Reference:...

7.4 AI score
Exploits 0
Packet Storm
added 2023/01/10 12:0 a.m., 480 views

WordPress Slider Revolution 4.6.5 Shell Upload

Title : WordPress - Slider Revolution 4.6.5 WordPress - Slider Revolution 4.6.5 shell upload 0-day exploit | Author : indoushka | Tested on : windows 10...

7.4 AI score
Exploits 0
Tenable Nessus
added 2023/01/06 12:0 a.m., 43 views

EMC RSA Archer 6.0 < 6.9 SP3 P4 / 6.10 < 6.10 P2 Remote Code Execution

The version of EMC RSA Archer running on the remote web server is 6.x prior to 6.9.3.4 6.9 SP3 P4, 6.10.x prior to 6.10.0.2 6.10 P2. It is, therefore, affected by a remote code execution vulnerability due to unrestricted upload of a file with a dangerous type. A remote, authenticated malicious us...

8.5 CVSS, 8.6 AI score, 0.00536 EPSS
Exploits 0, References 4
GithubExploit
added 2022/11/28 2:34 p.m., 441 views

Exploit for Code Injection in Vmware Spring_Framework

Spring Boot CVE-2022-22965 Docker PoC for CVE-2022-22965 with...

9.8 CVSS, 8.9 AI score, 0.94428 EPSS
Exploits 99
The Hacker News
added 2022/10/28 11:1 a.m., 45 views

Researchers Uncover Stealthy Techniques Used by Cranefly Espionage Hackers

A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called Danfuan. This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software, said in a...

7.8 AI score
Exploits 0
NVD
added 2022/10/19 5:15 a.m., 17 views

CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

9.8 CVSS, 0.90604 EPSS
Exploits 1, References 3
OSV
added 2022/10/19 5:15 a.m., 2 views

CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

9.8 CVSS, 6 AI score, 0.90604 EPSS
Exploits 1, References 3
Prion
added 2022/10/19 5:15 a.m., 26 views

Design/Logic Flaw

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

7.5 CVSS, 8.1 AI score, 0.90604 EPSS
Exploits 1, References 3, Affected Software 1
Cvelist
added 2022/10/19 12:0 a.m., 24 views

CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

9.8 AI score, 0.90604 EPSS
Exploits 1, References 3
CVE
added 2022/10/19 12:0 a.m., 303 views

CVE-2016-20016

CVE-2016-20016 affects MVPower CCTV DVR models (e.g., TV-7104HE 1.8.4 115215B9 and TV7108HE). The flaw is a web shell accessible via a /shell URI that lets a remote unauthenticated attacker execute arbitrary OS commands as root. Public sources (NVD, Red Hat advisories, CVE lists) confirm the vuln...

9.8 CVSS, 9.7 AI score, 0.90604 EPSS
In wild, Exploits 1, References 3, Affected Software 1
Positive Technologies
added 2022/10/19 12:0 a.m., 4 views

PT-2022-7851 · Mvpower · Mvpower Cctv Dvr

Name of the Vulnerable Software and Affected Versions: MVPower CCTV DVR models, including TV-7104HE version 1.8.4 115215B9 and TV7108HE, versions from 2014 through 2019 Description: A remote unauthenticated attacker can execute arbitrary operating system commands as root due to a web shell...

9.8 CVSS, 9.9 AI score, 0.90604 EPSS
Exploits 1, References 16
Vulnrichment
added 2022/10/19 12:0 a.m., 7 views

CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

8.1 AI score, 0.90604 EPSS
Exploits 1, References 3
ATTACKERKB
added 2022/10/19 12:0 a.m., 400 views

CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the “JAWS webserver RCE”...

9.8 CVSS, 9.6 AI score, 0.94141 EPSS
In wild, Exploits 14, References 4
Microsoft Malware Protection
added 2022/10/01 4:21 a.m., 618 views

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

October 1, 2022 update – Added information about Exploit:Script/ExchgProxyRequest.A, Microsoft Defender AV’s robust detection for exploit behavior related to this threat. We also removed a section on MFA as a mitigation, which was included in a prior version of this blog as standard guidance...

0.2 AI score, 0.94147 EPSS
Exploits 16