Lucene search
K

52 matches found

CNNVD
CNNVD
added 2022/07/20 12:0 a.m.4 views

Cisco Nexus Dashboard 访问控制错误漏洞

Cisco Nexus Dashboard is the United States Cisco Cisco a single console. It can simplify the operation and management of data center networks. Cisco Nexus Dashboard has a security vulnerability that can be exploited by an unauthenticated, remote attacker to access specific APIs running in the dat...

9.8CVSS6.1AI score0.01437EPSS
Exploits0References4
Rapid7 Blog
Rapid7 Blog
added 2021/11/05 7:43 p.m.140 views

Metasploit Wrap-Up

GitLab RCE New Rapid7 team member jbaines-r7 wrote an exploit targeting GitLab via the ExifTool command. Exploiting this vulnerability results in unauthenticated remote code execution as the git user. What makes this module extra neat is the fact that it chains two vulnerabilities together to...

6.8CVSS9.9AI score0.99981EPSS
Exploits67
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.31 views

SolarWinds Orion Authentication Bypass Vulnerability

SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands...

9.8CVSS9.3AI score0.9198EPSS
In wildExploits3
NVD
NVD
added 2020/12/29 10:15 p.m.31 views

CVE-2020-10148

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds...

9.8CVSS9.9AI score0.9198EPSS
Exploits3References4
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/11/18 5:7 a.m.68 views

OBDeleven vulnerability

OBDelevens OBD-II dongle is an onboard diagnostics port module that connects to a mobile app over Bluetooth. It takes advantage of weaknesses in UDS secure access to unlock the vehicle ECU and enable enhanced diagnostics and some additional functionality. Some of these functions are only availabl...

7.3AI score
Exploits0
OSV
OSV
added 2020/08/17 1:15 p.m.26 views

CVE-2020-13941

Reported in SOLR-14515 private and fixed in SOLR-14561 public, released in Solr version 8.6.0. The Replication handler https://lucene.apache.org/solr/guide/86/index-replication.htmlhttp-api-commands-for-the-replicationhandler allows commands backup, restore and deleteBackup. Each of these take a...

8.8CVSS6.8AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/08/17 1:15 p.m.35 views

CVE-2020-13941

Reported in SOLR-14515 private and fixed in SOLR-14561 public, released in Solr version 8.6.0. The Replication handler https://lucene.apache.org/solr/guide/86/index-replication.htmlhttp-api-commands-for-the-replicationhandler allows commands backup, restore and deleteBackup. Each of these take a...

8.8CVSS7.2AI score0.03805EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2020/08/17 12:16 p.m.31 views

CVE-2020-13941

Reported in SOLR-14515 private and fixed in SOLR-14561 public, released in Solr version 8.6.0. The Replication handler https://lucene.apache.org/solr/guide/86/index-replication.htmlhttp-api-commands-for-the-replicationhandler allows commands backup, restore and deleteBackup. Each of these take a...

8.8CVSS8.8AI score0.03805EPSS
Exploits0
CVE
CVE
added 2020/08/17 12:16 p.m.171 views

CVE-2020-13941

CVE-2020-13941 concerns Apache Solr’s replication handler. The vulnerability arises because the backup, restore, and deleteBackup HTTP API commands accept a location parameter that was not validated, enabling read/write access to any location the solr user can access. Multiple sources note this w...

8.8CVSS8.6AI score0.03805EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2020/06/03 6:15 p.m.21 views

CVE-2020-3227

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests fo...

10CVSS9.6AI score0.03408EPSS
Exploits0References1
Prion
Prion
added 2020/06/03 6:15 p.m.21 views

Authorization

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests fo...

10CVSS9.4AI score0.03408EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/06/03 5:42 p.m.26 views

CVE-2020-3227 Cisco IOx for IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests fo...

9.8CVSS9.6AI score0.03408EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/06/03 5:42 p.m.12 views

CVE-2020-3227 Cisco IOx for IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests fo...

9.8CVSS7.3AI score0.03408EPSS
Exploits0References1
Cisco
Cisco
added 2020/06/03 4:0 p.m.38 views

Cisco IOx for IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests fo...

9.8CVSS1.7AI score0.03408EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/06/03 12:0 a.m.4 views

PT-2020-2670 · Cisco · Cisco Ios Xe +1

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure could allow an unauthenticated, remote attacker to execute Cisco IOx API...

10CVSS9.4AI score0.03408EPSS
Exploits0References6
NVD
NVD
added 2019/08/02 5:15 p.m.15 views

CVE-2017-18442

cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands SEC-246...

5.3CVSS5.6AI score0.00767EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/08/02 4:19 p.m.23 views

CVE-2017-18444

cPanel before 64.0.21 allows demo accounts to execute SSH API commands SEC-248...

5.7AI score0.00767EPSS
Exploits0References1
CVE
CVE
added 2019/08/02 4:18 p.m.56 views

CVE-2017-18442

CVE-2017-18442 : Affected software is cPanel prior to 64.0.21. The issue allows demo accounts to trigger Cpanel::SPFUI API commands (SEC-246), implying limited privilege elevation within the control panel API. The description and connected documents do not provide additional exploitation details ...

5.3CVSS5.6AI score0.00767EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/12/07 12:0 a.m.7 views

The vulnerability in the web interface of the Cisco Prime Home system allows a perpetrator to bypass the authentication process and perform arbitrary actions with administrator privileges.

The vulnerability in the Cisco Prime Home system’s web interface exists due to deficiencies in the authentication process related to role-based access control RBAC errors. Exploiting this vulnerability allows a malicious actor to bypass the authentication process and perform arbitrary actions wit...

10CVSS7.9AI score0.04107EPSS
Exploits0References3Affected Software1
ThreatPost
ThreatPost
added 2017/02/03 10:23 a.m.28 views

Cisco Patches Authentication Bypass in Cisco Prime Home

Cisco has patched a critical vulnerability in its Cisco Prime Home remote management software used by service providers to oversee and provision subscribers’ home devices. The flaw, found by Cisco engineers, is in the product’s web-based GUI and allows remote attackers to bypass authentication an...

10CVSS1AI score0.02702EPSS
Exploits0References5
Rows per page
Query Builder