Lucene search
K

1885 matches found

0day.today
0day.today
added 2020/04/06 12:0 a.m.47 views

Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution Exploit

Exploit for multiple platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Vesta Control Panel Authenticated Remote Code Execution", 'Description' = %q This modu...

7.1AI score0.77261EPSS
Exploits7
CNVD
CNVD
added 2020/04/03 12:0 a.m.4 views

jscover Command Injection Vulnerability

jscover is a JavaScript code test coverage tool. An injection vulnerability exists in jscover 1.0.0 and earlier versions, which stems from a lack of proper validation of user input data. A remote attacker can exploit the vulnerability to execute arbitrary commands with the help of the 'source'...

9.8CVSS8.1AI score0.035EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/04/02 9:28 p.m.35 views

CVE-2020-7627

node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...

9.8AI score0.04118EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2020/03/26 4:5 p.m.5 views

CVE-2020-10826

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode...

9.7AI score0.39389EPSS
Exploits1References2
CNVD
CNVD
added 2020/03/20 12:0 a.m.1 views

Cisco SD-WAN Solution vManage Command Injection Vulnerability

Cisco SD-WAN Solution is a set of network extension solutions from Cisco. vManage is a network management system. A command injection vulnerability exists in the Web UI in Cisco SD-WAN Solution vManage Release prior to 19.2.2, which stems from the Web UI failing to properly validate SQL values. A...

8.5CVSS8.1AI score0.54249EPSS
Exploits0References1
0day.today
0day.today
added 2020/03/15 12:0 a.m.465 views

Phoenix Contact TC Router / TC Cloud Client Command Injection Vulnerability

Phoenix Contact TC Router and TC Cloud Client versions 2.05.3 and below, 2.03.17 and below, and 1.03.17 and below suffer from authenticated command injection and various other vulnerabilities. ======================================================================= title: Authenticated Command...

8.8AI score0.08894EPSS
Exploits15
NVD
NVD
added 2020/03/12 12:15 a.m.22 views

CVE-2019-5170

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...

7.8CVSS7.7AI score0.01358EPSS
Exploits1References1
OSV
OSV
added 2020/02/13 10:49 a.m.6 views

MGASA-2020-0082 Updated vim and neovim packages fix security vulnerability

Updated vim and neovim package fixes security vulnerability: It was discovered that Vim before 8.1.1365 and Neovim before 0.3.6 did not restrict the :source! command when executed in a sandbox. This allows remote attackers to take advantage of the modeline feature to inject arbitrary commands whe...

9.3CVSS8.8AI score0.19111EPSS
Exploits5References3
Prion
Prion
added 2020/01/24 10:15 p.m.25 views

Command injection

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths...

3.6CVSS6.1AI score0.00427EPSS
Exploits0References8Affected Software2
Tenable Nessus
Tenable Nessus
added 2019/12/04 12:0 a.m.31 views

Cisco FXOS Software Command Injection (cisco-sa-20190306-nxos-cmdinj-1611)

According to its self-reported version, Cisco FXOS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to certain CLI commands. An authenticated, local attacker with valid administrator credentials can exploit this by including malicious...

7.2CVSS5.9AI score0.00463EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/10/17 12:0 a.m.28 views

Cisco FXOS Software Command Injection Vulnerability (CVE-2019-1779)

According to its self-reported version, Cisco FXOS Software is affected by the vulnerability that allows an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient...

7.2CVSS5.8AI score0.00446EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/10/02 7:6 p.m.23 views

CVE-2019-12690 Cisco Firepower Management Center Command Injection Vulnerability

A vulnerability in the web UI of the Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of...

7.2CVSS7.3AI score0.03507EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/23 12:0 a.m.3 views

Docker Command Injection Vulnerability

Docker is an open source application container engine from the American company Docker. It supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...

8.4CVSS8.9AI score0.01945EPSS
Exploits1References1
Prion
Prion
added 2019/08/20 9:15 p.m.11 views

Command injection

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code...

10CVSS9.7AI score0.06045EPSS
Exploits0References1Affected Software2
CNVD
CNVD
added 2019/08/20 12:0 a.m.9 views

ZTE ZXHN F670 Command Injection Vulnerability

The ZTE ZXHN F670 is a modem from China's ZTE Corporation ZTE. A command injection vulnerability exists in the ZTE ZXHN F670. An attacker can exploit this vulnerability to execute illegal commands...

9CVSS7.8AI score0.01859EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2019/08/14 11:14 a.m.20 views

Security Bulletin: IBM MQ Appliance is affected by a command injection vulnerability (CVE-2019-4294)

Summary IBM MQ Appliance has addressed the following command injection vulnerability. Vulnerability Details CVEID: CVE-2019-4294 DESCRIPTION: IBM DataPower and IBM MQ Appliance could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability...

8.4CVSS1.6AI score0.00945EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2019/08/01 12:0 a.m.5 views

PT-2025-26462

Name of the Vulnerable Software and Affected Versions sar2html versions 3.2.2 and prior Description An OS command injection vulnerability exists due to insufficient input validation when processing the plot parameter in the index.php file. Remote, unauthenticated attackers can inject shell comman...

10CVSS5.8AI score0.60635EPSS
Exploits1References17
Packet Storm
Packet Storm
added 2019/07/12 12:0 a.m.243 views

Xymon useradm Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xymon useradm Command Execution', 'Description' = %q This module exploits a command injection vulnerability in Xymon versions before 4.3.25 which...

6.5CVSS9.3AI score0.54507EPSS
Exploits5
CNVD
CNVD
added 2019/07/03 12:0 a.m.3 views

TRENDnet TEW-827DRU Command Injection Vulnerability (CNVD-2019-21269)

The TRENDnet TEW-827DRU is a wireless router from TRENDnet. A command injection vulnerability exists in the apply.cgi file in the TRENDnet TEW-827DRU using firmware prior to version 2.05B11. The vulnerability stems from a network system or product not properly filtering specific elements of...

8.8CVSS7.8AI score0.02052EPSS
Exploits0References1
0day.today
0day.today
added 2019/07/02 12:0 a.m.134 views

FaceSentry Access Control System 6.4.8 - Remote Root Exploit

Exploit for hardware platform in category web applications !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568...

7.1AI score
Exploits0
Rows per page
Query Builder