Lucene search
K

64 matches found

Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.8 views

PT-2024-1833

Name of the Vulnerable Software and Affected Versions Totolink X6000R AX3000 version 9.4.0cu.852 20230719 Description An issue exists in the shttpd component due to insufficient input validation. A remote attacker can exploit this by manipulating the setWizardCfg function within the...

9.8CVSS7AI score0.14692EPSS
Exploits1References17
OSV
OSV
added 2023/06/30 10:15 p.m.4 views

CVE-2023-22816

A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300...

8.8CVSS5.9AI score0.00866EPSS
Exploits0References1
NVD
NVD
added 2023/06/30 10:15 p.m.28 views

CVE-2023-22816

A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300...

8.8CVSS7.2AI score0.00866EPSS
Exploits0References1
Prion
Prion
added 2023/06/30 10:15 p.m.12 views

Command injection

A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300...

6.5CVSS8.9AI score0.00866EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/06/30 9:1 p.m.31 views

CVE-2023-22816 Limited Post-Authentication Remote Command Injection in My Cloud Products

A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300...

6CVSS9.2AI score0.00866EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/30 9:1 p.m.10 views

CVE-2023-22816 Limited Post-Authentication Remote Command Injection in My Cloud Products

A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300...

6CVSS7.7AI score0.00866EPSS
Exploits0References1
NVD
NVD
added 2023/05/10 9:15 p.m.29 views

CVE-2022-29842

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before...

9.8CVSS9.7AI score0.01836EPSS
Exploits0References1
Prion
Prion
added 2023/05/10 9:15 p.m.20 views

Command injection

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before...

7.5CVSS9.5AI score0.01836EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/10 8:53 p.m.35 views

CVE-2022-29842 Command Injection Vulnerability in Western Digital My Cloud devices

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before...

9.8CVSS9.8AI score0.01836EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/06 12:0 a.m.6 views

PT-2023-3460 · Western Digital · My Cloud Os

Name of the Vulnerable Software and Affected Versions: My Cloud OS 5 versions prior to 5.26.300 Description: The issue is related to a lack of data cleaning measures at the management level in My Cloud OS, which can be exploited by a remote attacker to execute arbitrary commands. Specifically, it...

8.8CVSS8.4AI score0.00866EPSS
Exploits0References9
CNVD
CNVD
added 2022/10/10 12:0 a.m.18 views

TOTOLINK NR1800X UploadFirmwareFile Command Injection Vulnerability

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. A command injection vulnerability exists in TOTOLINK NR1800X version V9.1.0u.6279B20210910, which originates from t...

9.8CVSS9.8AI score0.01834EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2022/03/28 12:0 a.m.9 views

The vulnerability of the File Manager web interface for system administration on UNIX-like operating systems, such as Webmin, allows a perpetrator to escalate their privileges or execute arbitrary code.

The vulnerability of the File Manager web interface for system administration in UNIX-like operating systems, such as Webmin, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows an attacker to increase their privileges or execute arbitrary code by...

9CVSS7.9AI score0.96977EPSS
Exploits13References7Affected Software2
OSV
OSV
added 2020/10/28 1:15 p.m.3 views

CVE-2020-8263

A vulnerability in the authenticated user web interface of Pulse Connect Secure 9.1R9 could allow attackers to conduct Cross-Site Scripting XSS through the CGI file...

5.4CVSS6.2AI score0.00679EPSS
Exploits0References1
NVD
NVD
added 2020/10/28 1:15 p.m.19 views

CVE-2020-8263

A vulnerability in the authenticated user web interface of Pulse Connect Secure 9.1R9 could allow attackers to conduct Cross-Site Scripting XSS through the CGI file...

5.4CVSS5AI score0.00679EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/10/28 12:48 p.m.26 views

CVE-2020-8263

A vulnerability in the authenticated user web interface of Pulse Connect Secure 9.1R9 could allow attackers to conduct Cross-Site Scripting XSS through the CGI file...

5.1AI score0.00679EPSS
Exploits0References1
NVD
NVD
added 2019/03/07 5:29 a.m.21 views

CVE-2019-9624

Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI...

7.8CVSS8AI score0.23689EPSS
Exploits3References3
Cvelist
Cvelist
added 2019/03/07 5:0 a.m.24 views

CVE-2019-9624

Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI...

8AI score0.23689EPSS
Exploits3References3
CVE
CVE
added 2019/03/07 5:0 a.m.124 views

CVE-2019-9624

CVE-2019-9624 affects Webmin up to version 1.900 (and lower per sources). An authenticated user with the Upload and Download privilege can upload a crafted .cgi file via the /updown/upload.cgi URI, which enables remote code execution on the server. Exploitation is described as an authenticated RC...

7.8CVSS8AI score0.23689EPSS
Exploits3References3Affected Software1
CNVD
CNVD
added 2019/03/07 12:0 a.m.3 views

Webmin Arbitrary Code Execution Vulnerability

Webmin is a Web-based system configuration tool for Unix-like systems, and the latest version can also be installed and run on Windows. An arbitrary code execution vulnerability exists in Webmin 1.900. A remote attacker can use the "Java File Manager" and "Upload and Download" privileges to uploa...

7.8CVSS8.5AI score0.23689EPSS
Exploits3References1
0day.today
0day.today
added 2019/02/28 12:0 a.m.45 views

Usermin 1.750 - Remote Command Execution Exploit

Exploit for linux platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' ...

7.1AI score
Exploits0
Rows per page
Query Builder