Lucene search
K

10124 matches found

0day.today
0day.today
added 2021/03/13 12:0 a.m.99 views

D-Link DIR-3060 1.11b04 Command Injection Vulnerability

title: Authenticated Command Injection in D-Link DIR-3060 Web Interface vendor/product: D-Link DIR-3060 https://www.dlink.com/ vulnerable version: v1.11b04 & Below fixed version: v1.11b04 Hotfix 2 CVE number: CVE-2021-28144 impact: 8.8 high CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Vendor...

9CVSS8.9AI score0.06009EPSS
Exploits4
OSV
OSV
added 2021/03/05 5:15 p.m.4 views

CVE-2021-26963

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could...

7.2CVSS7.5AI score0.02887EPSS
Exploits0References1
OSV
OSV
added 2021/03/05 5:15 p.m.3 views

CVE-2021-26965

A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacke...

6.5CVSS6.7AI score0.01128EPSS
Exploits0References1
OSV
OSV
added 2021/03/05 5:15 p.m.5 views

CVE-2021-26971

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A...

6.3CVSS6.2AI score0.01291EPSS
Exploits0References1
OSV
OSV
added 2021/03/05 5:15 p.m.6 views

CVE-2021-26970

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A...

6.3CVSS6.2AI score0.01338EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/02/26 11:15 p.m.3 views

CVE-2020-36079

Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the FileselFinder portion of the UI. This can, for example, place a .php file i...

7.2CVSS6.1AI score0.04722EPSS
Exploits3References4
OSV
OSV
added 2021/02/24 12:15 p.m.3 views

CVE-2021-20659

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code...

8.8CVSS7.1AI score0.02056EPSS
Exploits0References3
OSV
OSV
added 2021/02/23 7:15 p.m.5 views

CVE-2021-26679

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying...

7.2CVSS6.1AI score0.02452EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/02/22 2:15 a.m.3 views

CVE-2021-3149

On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manualping.cgi allows OS command injection after authentication by the attacker because the system C library function is used unsafely...

9CVSS7.1AI score0.04422EPSS
Exploits0References4
OSV
OSV
added 2021/02/19 7:15 p.m.4 views

CVE-2021-27328

Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key...

6.5CVSS6.9AI score0.06421EPSS
Exploits4References3
CNNVD
CNNVD
added 2021/02/18 12:0 a.m.7 views

Pimcore 路径遍历漏洞

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A security vulnerability exists in Pimcore. The...

7.1CVSS7AI score0.01316EPSS
Exploits1References4
OSV
OSV
added 2021/02/17 5:15 p.m.4 views

CVE-2021-1416

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only...

4.3CVSS5.9AI score0.00888EPSS
Exploits0References1
CVE
CVE
added 2021/02/16 7:46 p.m.65 views

CVE-2021-20072

CVE-2021-20072 affects RACOM MIDGE firmware 4.4.40.105. The vulnerability is a directory traversal flaw in the firmware that, when authenticated, allows an attacker to arbitrarily access and delete files. Public risk details indicate high impact on confidentiality, integrity, and availability. Co...

8.7CVSS6.8AI score0.01425EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/02/16 7:46 p.m.25 views

CVE-2021-20072

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral...

7.1AI score0.01425EPSS
Exploits0References1
OSV
OSV
added 2021/02/16 4:15 p.m.3 views

CVE-2020-35559

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users...

4.3CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/02/09 12:0 a.m.7 views

PT-2021-2185 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to XML injection in the Widgets module of Magento. Successful exploitation could lead to arbitrary...

9.1CVSS9.3AI score0.03635EPSS
Exploits0References9
OSV
OSV
added 2021/02/04 5:15 p.m.3 views

CVE-2021-1343

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...

7.2CVSS7.4AI score0.02194EPSS
Exploits0References1
OSV
OSV
added 2021/02/04 5:15 p.m.6 views

CVE-2021-1341

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...

7.2CVSS6.2AI score0.02753EPSS
Exploits0References1
OSV
OSV
added 2021/02/04 5:15 p.m.7 views

CVE-2021-1329

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...

7.2CVSS7.4AI score0.02753EPSS
Exploits0References1
OSV
OSV
added 2021/02/04 5:15 p.m.5 views

CVE-2021-1336

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...

7.2CVSS7.4AI score0.02753EPSS
Exploits0References1
Rows per page
Query Builder