
449 matches found

NVD
added 2024/06/14 10:15 a.m. | 22 views

CVE-2024-3912

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device...

CVSS 9.8 | EPSS 0.01031
Exploits 2 | References 2

CVE
added 2024/06/14 9:29 a.m. | 170 views

CVE-2024-3912

CVE-2024-3912 affects certain ASUS routers, described as an arbitrary firmware upload vulnerability that allows an unauthenticated remote attacker to upload files and execute system commands. Public details confirm a high-severity issue (CVSS v3.1 base score 9.8) with network access, no user inte...

CVSS 9.8 | AI score 10 | EPSS 0.01031
Exploits 2 | References 2

NVD
added 2024/06/14 7:15 a.m. | 22 views

CVE-2024-31162

The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device...

CVSS 7.2 | EPSS 0.00648
Exploits 0 | References 2

Cvelist
added 2024/06/14 6:52 a.m. | 19 views

CVE-2024-31163 ASUS Download Master - Buffer Overflow

ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device...

CVSS 7.2 | EPSS 0.00617
Exploits 0 | References 2

NVD
added 2024/06/14 4:15 a.m. | 22 views

CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system...

CVSS 7.2 | EPSS 0.00535
Exploits 0 | References 2

Cvelist
added 2024/06/14 3:53 a.m. | 18 views

CVE-2024-31161 ASUS Download Master - Arbitrary File Upload

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system...

CVSS 7.2 | EPSS 0.00535
Exploits 0 | References 2

Veracode
added 2024/06/11 10:28 a.m. | 22 views

Sensitive Information Exposure

h2o is vulnerable to Sensitive Information Exposure. The vulnerability is due to the Typeahead API call, which allows an attacker to look up arbitrary system paths in the entire file system where h2o-3 is hosted...

CVSS 5.3 | AI score 6.8 | EPSS 0.00835
Exploits 1 | References 3 | Affected Software 1

GithubExploit
added 2024/06/08 10:6 p.m. | 140 views

Exploit for Command Injection in Telesquare Tlr-2005Ksh_Firmware

Installation and Running the Script 💻 Prerequisites Before...

CVSS 8.8 | AI score 6.5 | EPSS 0.05848
Exploits 8

GithubExploit
added 2024/06/08 10:6 p.m. | 306 views

Exploit for Command Injection in Telesquare Tlr-2005Ksh_Firmware

Installation and Running the Script 💻 Prerequisites Before...

CVSS 8.8 | AI score 6.5 | EPSS 0.05848
Exploits 8

OSV
added 2024/06/06 7:16 p.m. | 8 views

CVE-2024-5550

In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead...

CVSS 5.3 | AI score 6.5
Exploits 0 | References 1

Cvelist
added 2024/06/06 6:18 p.m. | 36 views

CVE-2024-5550 Exposure of Sensitive Information via Arbitrary System Path Lookup in h2oai/h2o-3

In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead...

CVSS 5.3 | EPSS 0.00835
Exploits 1 | References 1

Vulnrichment
added 2024/06/06 6:18 p.m. | 18 views

CVE-2024-5550 Exposure of Sensitive Information via Arbitrary System Path Lookup in h2oai/h2o-3

In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead...

CVSS 5.3 | AI score 6.6 | EPSS 0.00835
Exploits 1 | References 1

CVE
added 2024/05/27 3:32 a.m. | 104 views

CVE-2024-5399

Openfind Mail2000 is affected by an OS command injection vulnerability (CVE-2024-5399) stemming from improper filtering of parameters in a specific API. The flaw allows remote attackers with administrative privileges to execute arbitrary system commands on the remote server. The issue is reported...

CVSS 7.2 | AI score 7.4 | EPSS 0.00562
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2024/05/27 3:32 a.m. | 43 views

CVE-2024-5399 Openfind Mail2000 - OS Command Injection

Openfind Mail2000 does not properly filter parameters of a specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server...

CVSS 7.2 | AI score 7.4 | EPSS 0.00562
Exploits 0 | References 1

Vulnrichment
added 2024/05/27 3:32 a.m. | 33 views

CVE-2024-5399 Openfind Mail2000 - OS Command Injection

Openfind Mail2000 does not properly filter parameters of a specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server...

CVSS 7.2 | AI score 7.9 | EPSS 0.00562
Exploits 0 | References 1

NVD
added 2024/04/30 2:15 p.m. | 15 views

CVE-2023-50914

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy Beta 2.0.67.2 through v2.0.71.2 allows authenticated users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction...

CVSS 6.7 | AI score 6.6 | EPSS 0.00701
Exploits 1 | References 4

Vulnrichment
added 2024/04/30 12:0 a.m. | 9 views

CVE-2023-50914

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy Beta 2.0.67.2 through v2.0.71.2 allows authenticated users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction...

AI score 7 | EPSS 0.00701
Exploits 1 | References 4

CVE
added 2024/04/30 12:0 a.m. | 49 views

CVE-2023-50914

CVE-2023-50914 is a local privilege escalation in GOG Galaxy (Beta) IPC between GalaxyClient.exe and GalaxyClientService.exe. From 2.0.67.2 through 2.0.71.2, an authenticated user can forge IPC packets via FixDirectoryPrivileges, altering the DACL of arbitrary system directories to grant Everyone...

CVSS 6.7 | AI score 6.9 | EPSS 0.00701
Exploits 1 | References 4

Cvelist
added 2024/04/30 12:0 a.m. | 19 views

CVE-2023-50914

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy Beta 2.0.67.2 through v2.0.71.2 allows authenticated users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction...

AI score 6.9 | EPSS 0.00701
Exploits 1 | References 4

NVD
added 2024/04/29 4:15 a.m. | 30 views

CVE-2024-4301

N-Reporter and N-Cloud, products of N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user inputs on a specific page...

CVSS 8.8 | AI score 9.3 | EPSS 0.01101
Exploits 0 | References 1