Lucene search
K

125 matches found

CNVD
CNVD
added 2020/04/01 12:0 a.m.0 views

Extreme Office 2019 suffers from a code execution vulnerability (CNVD-2020-28017)

Extreme Office is an independently controlled office learning software developed by Beijing Haiteng Times Technology Co. Extreme Office 2019 suffers from a code execution vulnerability that can be exploited by an attacker to obtain web server administrative privileges using a carefully constructe...

7.6AI score
Exploits0
CNVD
CNVD
added 2020/03/12 12:0 a.m.3 views

Palo Alto Networks PAN-OS Command Execution Vulnerability

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS versions prior to 8.1.13. A local attacker could exploit the vulnerability to execute commands and gain root privileges...

7.8CVSS7.2AI score0.00362EPSS
Exploits0References1
Prion
Prion
added 2020/02/28 9:15 p.m.15 views

Design/Logic Flaw

enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...

7.5CVSS9.5AI score0.02767EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2020/02/24 12:0 a.m.2 views

Command Execution Vulnerability in eyoucms of Hainan Zanzan Network Technology Co.

EyouCms is a free + open source enterprise content management system based on the TP5.0 framework as the core development, focusing on the needs of enterprise building users. Hainan Zanzan Network Technology Co. eyoucms has a command execution vulnerability that can be exploited by attackers to...

7.5AI score
Exploits0
OSV
OSV
added 2020/01/25 1:13 p.m.4 views

OPENSUSE-SU-2020:0102-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location bsc1158095. This update was imported from the SUSE:SLE-15-SP1:Update update project...

9.3CVSS8.9AI score0.0316EPSS
Exploits0References3
OSV
OSV
added 2020/01/20 8:21 a.m.8 views

SUSE-SU-2020:0131-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location bsc1158095...

9.3CVSS8.8AI score0.0316EPSS
Exploits0References3
CNVD
CNVD
added 2019/12/26 12:0 a.m.3 views

Command Execution Vulnerability in Oracle WebLogic Server

WebLogic Server is Oracle's JavaEE-based middleware for developing, integrating, deploying and managing large-scale distributed Web applications, web applications and database applications. A command execution vulnerability exists in Oracle WebLogic Server. An attacker can cause arbitrary code...

7.9AI score
Exploits0
0day.today
0day.today
added 2019/11/22 12:0 a.m.161 views

GNU Mailutils 3.7 - Privilege Escalation Exploit

Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo CVE : CVE-2019-18862 Title : GNU Mailuti...

7.8CVSS0.4AI score0.01135EPSS
Exploits5
CNVD
CNVD
added 2019/11/14 12:0 a.m.3 views

Technicolor Remote Command Execution Vulnerability

Technicolor Group is a leading provider of production, post-production and distribution services to content creators, network service providers and broadcasters. Technicolor suffers from a remote command execution vulnerability that originates from a program that does not perform sufficient input...

9CVSS7.9AI score0.16206EPSS
Exploits4References1
CNVD
CNVD
added 2019/09/10 12:0 a.m.2 views

Code Execution Vulnerability in Thunderwind Movie CMS (CNVD-2019-33540)

Thunderwind Movie CMS is a PHP based THINKPHP3.2.3 framework development, suitable for all kinds of video, film and television websites, film and television content management program. Thunderwind CMS has a code execution vulnerability that can be exploited by attackers to gain control of the web...

7.9AI score
Exploits0
NVD
NVD
added 2019/07/25 5:15 p.m.25 views

CVE-2019-2281

An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675...

7.8CVSS8.4AI score0.00234EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/04 12:0 a.m.1 views

Code Execution Vulnerability in LmxCMS V1.4

Dream cms lmxcms is developed using php language and mysql database, and adopts the mainstream MVC design mode. A code execution vulnerability exists in LmxCMS V1.4, which can be exploited by attackers to gain server privileges...

7.9AI score
Exploits0
CNVD
CNVD
added 2018/08/24 12:0 a.m.2 views

Code Execution Vulnerability in PHPOKCMS

PHPOKCMS is an enterprise station CMS system developed in PHP+MYSQL language. PHPOKCMS suffers from a code execution vulnerability. An attacker can exploit this vulnerability by uploading a Trojan horse in a program upgrade/zip package upgrade to gain server privileges...

7.8AI score
Exploits0
CNVD
CNVD
added 2018/04/27 12:0 a.m.1 views

Code execution vulnerability in cms made simple backend file copying

CMS Made Simple is an open source content management system. It is built using PHP and Smarty Engine , which separates content , functionality and templates . A code execution vulnerability exists in cms made simple version 2.2.7 when performing file copying in the background, which can be...

7.5AI score
Exploits0
CNVD
CNVD
added 2018/04/17 12:0 a.m.0 views

Code execution vulnerability in TP-Link enterprise routers (CNVD-2018-08408)

Tplink ER5110G, Tplink ER5120G and Tplink WAR1300L are enterprise VPN routers and enterprise wireless VPN routers. A code execution vulnerability exists in TP-Link Enterprise Routers. An attacker can exploit the vulnerability to obtain the router's administrator username and password, or hijack a...

7.6AI score
Exploits0
CNVD
CNVD
added 2018/03/28 12:0 a.m.1 views

Code execution vulnerability in hao6cms v2.0 config_edit.asp file

hao6cms is an enterprise website management system. A code execution vulnerability exists in the hao6cms v2.0 configedit.asp file. The vulnerability is due to the parameters failed to filter the direct splicing written to the configuration file, an attacker can exploit the vulnerability to obtain...

7.5AI score
Exploits0
OSV
OSV
added 2018/01/23 1:29 a.m.4 views

CVE-2017-16608

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a...

9.8CVSS6.2AI score0.04232EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2018/01/23 1:29 a.m.2 views

CVE-2017-16608

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a...

9.8CVSS6.4AI score0.04232EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2017/03/14 3:26 p.m.100 views

Patch Tuesday Returns; Microsoft Quiet on Postponement

Patch Tuesday returned today as expected after last month’s postponement with a giant release of fixes that includes patches for vulnerabilities disclosed and exploited since the last set of updates in January. Microsoft, however, was relatively silent on the reasons why the February updates were...

9.3CVSS9.1AI score0.99945EPSS
Exploits45References12
CNVD
CNVD
added 2016/08/14 12:0 a.m.4 views

Hancom Office 2014 VP Local Arbitrary Code Execution Vulnerability (CNVD-2016-06356)

Hancom Office 2014 VP is a cloud storage service solution developed by Hancom Korea. Hancom Office 2014 VP suffers from a local arbitrary code execution vulnerability that could be exploited by a local attacker to execute arbitrary code in the context of the application or conduct a denial of...

7.8CVSS7.8AI score0.02232EPSS
Exploits2References1
Rows per page
Query Builder