CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

62 matches found

OSV•added 2020/01/31 10:15 p.m.•1 views

DEBIAN-CVE-2014-8139

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command...

7.8CVSS8.6AI score0.09808EPSS

Exploits0References1

OSV•added 2020/01/31 10:15 p.m.•22 views

CVE-2014-8140

Heap-based buffer overflow in the testcompreb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command...

7.8CVSS7.8AI score

Exploits0References5

Cvelist•added 2020/01/31 10:0 p.m.•21 views

CVE-2014-8140

8.2AI score0.09808EPSS

Exploits0References4

UbuntuCve•added 2019/11/20 12:0 a.m.•136 views

CVE-2019-16255

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...

8.1CVSS6.7AI score0.01157EPSS

Exploits1References3

Positive Technologies•added 2019/10/25 12:0 a.m.•2 views

PT-2019-4295 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.885 Description: The issue is related to a lack of input sanitization in the filemanager2.php component, allowing for the execution of arbitrary HTML code or JavaScript scripts. This can be exploited via the cmd...

4.6CVSS4.8AI score0.00081EPSS

Exploits2References6

BDU FSTEC•added 2019/10/16 12:0 a.m.•1 views

The vulnerability of the docker build mechanism, a tool for automating the deployment and management of applications in containerized environments, allows an attacker to gain unauthorized access to information, cause service failures, or affect the availability of information.

The vulnerability of the docker build mechanism, a tool for automating the deployment and management of applications in containerized environments, is related to insufficient testing of arguments passed in commands. Exploiting this vulnerability can allow attackers to gain unauthorized access to...

8.4CVSS7.5AI score0.00538EPSS

Exploits1References6Affected Software3

OSV•added 2019/03/11 9:29 p.m.•1 views

CVE-2019-1610

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

6.7CVSS6.3AI score

Exploits0References2

OSV•added 2017/03/17 7:52 p.m.•3 views

OPENSUSE-SU-2017:0737-1 Security update for irssi

This update to irssi 1.0.2 fixes security issues and bugs. The following vulnerabilities were fixed: boo1029020: Use after free while producing list of netjoins The following non-security changes are included: - Fix in command arg parser to detect missing arguments in tail place - Fix regression...

8.1AI score

Exploits0References1

Tenable Nessus•added 2014/04/29 12:0 a.m.•686 views

Nagios NRPE Command Argument Processing Enabled

The version of Nagios Remote Plugin Executor NRPE running on the remote host has command argument processing enabled and accepts the newline character. An unauthenticated, remote attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application by...

7.5CVSS6.1AI score0.1857EPSS

Exploits6References3

OSV•added 2012/09/15 12:0 a.m.•24 views

DSA-2549-1 devscripts - multiple

Bulletin has no description...

7.5CVSS5.9AI score0.00975EPSS

Exploits0

Check Point Advisories•added 2009/12/17 12:0 a.m.•2 views

IBM Informix Dynamic Server Command Argument Processing Stack Overflow (CVE-2008-0727)

Informix is a family of relational database management system RDBMS products by IBM. It is positioned as IBM's flagship data server for online transaction processing OLTP as well as integrated solutions. IBM Informix Dynamic Server is an online transaction processing data server. A stack buffer...

8.5CVSS8.2AI score0.26903EPSS

Exploits5

Japan Vulnerability Notes•added 2008/05/20 3:0 p.m.•2 views

KON2 Buffer Overflow Vulnerability in Command Argument Validation

Overview KON Kanji ON Linux console, provided by Linux Japan RPM Project, contains a buffer overflow vulnerability due to improper validation of command line arguments. Impact An attacker could execute arbitrary command with the root privileges. Solution Please refer to the 'Vendor Information'...

7.2CVSS7.7AI score0.00128EPSS

Exploits0References5

Prion•added 2008/04/02 5:44 p.m.•12 views

Stack overflow

Stack-based buffer overflow in the auditlogusercommand function in lib/auditlogging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information...

4.1CVSS8.2AI score0.00448EPSS

Exploits0References14Affected Software1

UbuntuCve•added 2008/04/02 5:44 p.m.•29 views

CVE-2008-1628

4.1CVSS6.4AI score0.00448EPSS

Exploits0References1

Cvelist•added 2008/04/02 5:0 p.m.•34 views

CVE-2008-1628

7.8AI score0.00448EPSS

Exploits0References14

Debian CVE•added 2008/04/02 5:0 p.m.•20 views

CVE-2008-1628

4.1CVSS7.7AI score0.00448EPSS

Exploits0

Cvelist•added 2006/12/03 6:0 p.m.•16 views

CVE-2006-6240

Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to list contents of arbitrary directories and download arbitrary files via a .. dot dot sequence in an FTP command argument, as demonstrated by RETR GET or STOR PUT. NOTE: The provenance of th...

6.2AI score0.00603EPSS

Exploits0References4

Cvelist•added 2004/09/01 4:0 a.m.•19 views

CVE-2002-1250

Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument...

6.9AI score0.00335EPSS

Exploits1References4