Lucene search
K

449 matches found

Vulnrichment
Vulnrichment
added 2024/04/29 3:15 a.m.23 views

CVE-2024-4299 HGiga iSherlock - Command Injection

The system configuration interface of HGiga iSherlock including MailSherlock, SpamSherock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enablin...

7.2CVSS7.6AI score0.02087EPSS
Exploits0References3
CVE
CVE
added 2024/04/29 3:15 a.m.66 views

CVE-2024-4299

CVE-2024-4299 affects HGiga iSherlock and its components (MailSherlock, SpamSherock, AuditSherlock). The root cause is improper filtering of special characters in certain function parameters within the system configuration interface, enabling a remote attacker with administrative privileges to pe...

7.2CVSS7.5AI score0.02087EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/04/29 3:15 a.m.13 views

CVE-2024-4298

The email search interface of HGiga iSherlock including MailSherlock, SpamSherock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling...

7.2CVSS7.3AI score0.02087EPSS
Exploits0References3
CVE
CVE
added 2024/04/29 2:39 a.m.59 views

CVE-2024-4298

The CVE-2024-4298 issue affects HGiga iSherlock and its components (MailSherlock, SpamSherock, AuditSherlock). The root cause is improper filtering of special characters in certain function parameters within the email search interface, enabling command injection when exploited by an admin user. I...

7.2CVSS7.5AI score0.02087EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/29 2:39 a.m.17 views

CVE-2024-4298 HGiga iSherlock - Command Injection

The email search interface of HGiga iSherlock including MailSherlock, SpamSherock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling...

7.2CVSS7.3AI score0.02087EPSS
Exploits0References3
NVD
NVD
added 2024/04/29 2:15 a.m.12 views

CVE-2024-4296

The account management interface of HGiga iSherlock including MailSherlock, SpamSherlock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files...

4.9CVSS5.2AI score0.00674EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/29 2:8 a.m.18 views

CVE-2024-4296 HGiga iSherlock - Arbitrary File Download

The account management interface of HGiga iSherlock including MailSherlock, SpamSherlock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files...

4.9CVSS7.3AI score0.00674EPSS
Exploits0References1
CVE
CVE
added 2024/04/29 2:8 a.m.59 views

CVE-2024-4296

The CVE-2024-4296 entry concerns HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock). The vulnerability arises from inadequate filtering of special characters in certain function parameters in the account management interface, enabling remote attackers with administrative privil...

4.9CVSS7AI score0.00674EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/15 4:1 a.m.18 views

CVE-2024-1655 ASUS WiFi Router - OS Command Injection

Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request...

8.8CVSS8.3AI score0.02025EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/14 12:0 a.m.5 views

PT-2024-18203 · Asus · Asus Wifi Routers

Name of the Vulnerable Software and Affected Versions: ASUS WiFi routers affected versions not specified Description: The issue allows an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request, due to an OS Command Injection vulnerability...

8.8CVSS8.1AI score0.02025EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/04/02 12:22 p.m.56 views

CVE-2024-2389 Flowmon Unauthenticated Command Injection Vulnerability

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands...

10CVSS10AI score0.93901EPSS
Exploits7References2
Veracode
Veracode
added 2024/03/02 9:24 p.m.13 views

Cross-site Request Forgery (CSRF)

phpPgAdmin is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient validation of the request source in the "database.php" area of phpPgAdmin. This allows sensitive actions to be performed without proper verification of the request's origin. A remote attacker can...

9.6CVSS7.5AI score0.0364EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2024/02/26 4:27 p.m.14 views

Command injection

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/startupdate...

8.4AI score0.01379EPSS
Exploits0References2
OSV
OSV
added 2024/02/21 6:15 p.m.3 views

CVE-2024-1212

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution...

9.8CVSS5.9AI score0.95388EPSS
Exploits9References5
Cvelist
Cvelist
added 2024/02/21 5:39 p.m.36 views

CVE-2024-1212 LoadMaster Pre-Authenticated OS Command Injection

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution...

10CVSS9.8AI score0.95388EPSS
Exploits9References4
Vulnrichment
Vulnrichment
added 2024/02/21 5:39 p.m.17 views

CVE-2024-1212 LoadMaster Pre-Authenticated OS Command Injection

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution...

10CVSS9.2AI score0.95388EPSS
Exploits9References4
NVD
NVD
added 2024/02/20 10:15 p.m.11 views

CVE-2024-25428

SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...

6.5CVSS7.9AI score0.00395EPSS
Exploits1References1
Prion
Prion
added 2024/02/20 10:15 p.m.9 views

Sql injection

SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...

8.7AI score0.00395EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/02/20 12:0 a.m.12 views

CVE-2024-25428

SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...

8.6AI score0.00395EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/01/10 12:0 a.m.5 views

Bosch Nexo cordless nutrunner security breach

Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows a remote attacker to download arbitrary files in all system paths via a crafted HTTP...

6.5CVSS6.8AI score0.00778EPSS
Exploits0References2
Rows per page
Query Builder