CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2023/04/24 12:0 a.m.•4 views

Zyxel USG FLEX 命令注入漏洞

Zyxel USG FLEX is a firewall from China Hopkins Zyxel. Offering flexible VPN options IPsec, SSL or L2TP, it provides flexible and secure remote access for remote work and management. A security vulnerability exists in the Zyxel USG FLEX Series 4.50 to 5.35 firmware versions, and the VPN Series 4....

8.1CVSS8.1AI score0.01291EPSS

Exploits0References2

Cvelist•added 2023/04/24 12:0 a.m.•31 views

CVE-2023-22913

8.1CVSS8.2AI score0.01291EPSS

Cvelist•added 2023/04/16 12:0 a.m.•40 views

CVE-2022-38840

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure...

7.5AI score0.09803EPSS

Exploits4References2

Packet Storm•added 2023/04/10 12:0 a.m.•258 views

Schneider Electric 1.0 Insecure Direct Object Reference

Exploit Title: Schneider Electric v1.0 - Directory traversal & Broken Authentication Google Dork: inurl:/scada-vis Date: 3/11/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: https://www.se.com/ Version: all-versions Tested on: Windows/Linux/Android Attacker can using these dorks and...

6.8AI score

Exploit DB•added 2023/04/07 12:0 a.m.•221 views

Schneider Electric v1.0 - Directory traversal & Broken Authentication

7.4AI score

Packet Storm•added 2023/04/06 12:0 a.m.•205 views

WIMAX SWC-5100W Remote Command Execution

Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Date: 4/3/2023 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested...

6.8AI score

Exploit DB•added 2023/03/25 12:0 a.m.•149 views

D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution

Exploit Title: D-Link DNR-322L Exploit Writeup: https://lukasec.ch/posts/dlinkdnr322.html Vendor Homepage: https://dlink.com Vendor Advisory: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10305 Software Link: http://legacyfiles.us.dlink.com/DNR-322L/REVA/FIRMWARE...

7.4AI score

CNNVD•added 2023/03/23 12:0 a.m.•3 views

TOTOLINK A7100RU 命令注入漏洞

The TOTOLINK A7100RU is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A7100RU suffers from a command injection vulnerability that stems from the enabled parameter of cgi-bin/cstecgi.cgi failing to properly filter constructed command special characters, commands, etc., whi...

9.8CVSS8.2AI score0.02047EPSS

Packet Storm•added 2023/03/22 12:0 a.m.•295 views

Python CGI Documentation Cross Site Scripting

Is there low hanging fruit for the following observation? The documentation of the python cgi module is vulnerable to XSS cross site scripting https://docs.python.org/3/library/cgi.html form = cgi.FieldStorage print"name:", form"name".value print"addr:", form"addr".value First result on google fo...

6.8AI score

Tenable Nessus•added 2023/03/21 12:0 a.m.•23 views

Ubuntu 20.04 LTS : Ruby vulnerability (USN-5806-3)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5806-3 advisory. USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 20.04 LTS. Tenable has extracted the preceding description block directly from...

8.8CVSS7.2AI score0.02287EPSS

OpenVAS•added 2023/03/21 12:0 a.m.•12 views

Ubuntu: Security Advisory (USN-5806-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.9AI score0.02287EPSS

Ubuntu•added 2023/03/20 5:24 p.m.•55 views

USN-5806-3: Ruby vulnerability

USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 20.04 LTS. Original advisory details: Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use th...

8.8CVSS7.4AI score0.02287EPSS

Exploits1

OpenVAS•added 2023/03/20 12:0 a.m.•12 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-1540)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.9AI score0.02287EPSS

Tenable Nessus•added 2023/03/19 12:0 a.m.•32 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-1565)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications...

8.8CVSS7.2AI score0.02287EPSS

Tenable Nessus•added 2023/03/19 12:0 a.m.•24 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-1540)

8.8CVSS7.2AI score0.02287EPSS

CNVD•added 2023/03/14 12:0 a.m.•3 views

NETGEAR Nighthawk WiFi6 Router Buffer Overflow Vulnerability

The NETGEAR Nighthawk WiFi6 Router is a series of wireless routers from NETGEAR. The NETGEAR Nighthawk WiFi6 Router suffers from a buffer overflow vulnerability that stems from the presence of buffer overflows in the device's various CGI mechanisms, which can be exploited by an attacker to execut...

9.8CVSS9.8AI score0.00813EPSS

OSV•added 2023/03/10 6:15 p.m.•4 views

CVE-2023-27852

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device...

9.8CVSS7.9AI score