Lucene search
K

208 matches found

ATTACKERKB
ATTACKERKB
added 2023/03/23 12:0 a.m.261 views

CVE-2023-26360

Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Recent...

9.8CVSS8.8AI score0.97339EPSS
In wildExploits13References4
NVD
NVD
added 2023/02/28 4:15 p.m.32 views

CVE-2023-25266

An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attackers control leading to arbitrary remote code...

8.8CVSS8.9AI score0.01634EPSS
Exploits1References2
Hacker One
Hacker One
added 2023/02/02 6:0 a.m.84 views

HackerOne: [CVE-2022-44268] Arbitrary Remote Leak via ImageMagick

A Local File Inclusion vulnerability was discovered in an outdated version of ImageMagick used for image resizing on a website. An attacker could exploit this vulnerability by uploading a malicious PNG image, which would include the local file as content of the resized image in a hexadecimal...

6.5CVSS6.5AI score0.89855EPSS
Exploits28
GithubExploit
GithubExploit
added 2022/10/29 3:28 a.m.488 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

SpringAllReachable A graphical tool for rapid exploitati...

10CVSS7.9AI score0.99939EPSS
Exploits86
Prion
Prion
added 2022/09/23 4:15 p.m.22 views

Heap overflow

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could...

7.5CVSS9.9AI score0.21829EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2022/01/10 8:20 p.m.28 views

CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

9.3CVSS8.7AI score0.03897EPSS
Exploits1
NVD
NVD
added 2021/12/10 1:15 p.m.28 views

CVE-2021-35978

An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker with knowledge of the protocol to execute arbitrary code on the controller including overwriting firmware, adding/removing...

10CVSS0.03559EPSS
Exploits0References2
OSV
OSV
added 2021/04/20 12:15 p.m.3 views

CVE-2021-20023

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host...

4.9CVSS7.1AI score0.51407EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/02/05 3:38 p.m.32 views

CVE-2021-3258

Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting XSS, which may lead to arbitrary remote code execution...

6.1AI score0.01644EPSS
Exploits1References3
Prion
Prion
added 2021/01/13 6:15 p.m.26 views

Remote code execution

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...

7.5CVSS9.7AI score0.04099EPSS
Exploits1References1Affected Software1
Hacker One
Hacker One
added 2020/11/09 7:54 p.m.124 views

BugPoC: XSS PoC for the wacky.buggywebsite.com challenge

Summary: https://wacky.buggywebsite.com/frame.html is vulnerable to DOM-based XSS. Steps To Reproduce: 1. Navigate to https://oembed.dev.ipwnedyour.net/wacky.buggywebsite.com.xss.html 1. Verify the document's origin is displayed in an alert box. PoC code details: The PoC page at...

6.8AI score
Exploits0
Oracle linux
Oracle linux
added 2020/04/11 12:0 a.m.172 views

telnet security update

1:0.17-65 - Resolves: 1814475 - Arbitrary remote code execution in utility.c via short writes or urgent data...

10CVSS4.7AI score0.74513EPSS
Exploits2
Oracle linux
Oracle linux
added 2020/04/07 12:0 a.m.83 views

telnet security update

1:0.17-49 - Resolves: 1814775 - Arbitrary remote code execution in utility.c via short writes or urgent data...

10CVSS4.7AI score0.74513EPSS
Exploits2
Cvelist
Cvelist
added 2019/12/23 10:13 p.m.31 views

CVE-2019-18211

An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user...

9.5AI score0.02876EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.26 views

NewStart CGSL MAIN 5.04 : libreoffice Vulnerability (NS-SA-2019-0013)

The remote NewStart CGSL host, running version MAIN 5.04, has libreoffice packages installed that are affected by a vulnerability: - A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosure may be achieved by the use of the WEBSERVICE formula in a specially...

9.8CVSS6.7AI score0.23204EPSS
Exploits5References2
exploitpack
exploitpack
added 2019/04/15 12:0 a.m.407 views

RemoteMouse 3.008 - Arbitrary Remote Command Execution

RemoteMouse 3.008 - Arbitrary Remote Command Execution Exploit Title: Remote Mouse 3.008 - Failure to Authenticate Date: 2019-09-04 Exploit Author: 0rphon Software Link: https://www.remotemouse.net/ Version: 3.008 Tested on: Windows 10 Remote Mouse 3.008 fails to check for authenication and will...

1AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/15 12:0 a.m.58 views

RemoteMouse 3.008 - Arbitrary Remote Command Execution

Exploit Title: Remote Mouse 3.008 - Failure to Authenticate Date: 2019-09-04 Exploit Author: 0rphon Software Link: https://www.remotemouse.net/ Version: 3.008 Tested on: Windows 10 Remote Mouse 3.008 fails to check for authenication and will execute any command any machine gives it This script po...

7AI score
Exploits0
Prion
Prion
added 2019/03/28 5:29 p.m.17 views

Command injection

Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job...

6.5CVSS8.9AI score0.45972EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2018/10/01 1:0 p.m.20 views

CVE-2018-14802

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini C1, FRENIC-Mini C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution...

9.9AI score0.03577EPSS
Exploits0References2
CVE
CVE
added 2018/10/01 1:0 p.m.60 views

CVE-2018-14802

CVE-2018-14802 affects Fuji Electric FRENIC Loader family (FRENIC-Mini C1/C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace). Description: stack-based buffer overflow caused by improper validation of user-supplied comments, enabling arbitrary remote code execution. Affected product versions i...

9.8CVSS9.7AI score0.03577EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder