Lucene search
+L

152 matches found

exploitdb
exploitdb
added 2020/06/04 12:0 a.m.477 views

VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution

Exploit Title: VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...

8.8CVSS8.8AI score0.211EPSS
Exploits11
packetstorm
packetstorm
added 2020/06/02 12:0 a.m.326 views

vCloud Director 9.7.0.15498291 Remote Code Execution

!/usr/bin/python Exploit Title: vCloud Director - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...

6.5CVSS0.4AI score0.211EPSS
Exploits11
exploitdb
exploitdb
added 2020/06/02 12:0 a.m.217 views

vCloud Director 9.7.0.15498291 - Remote Code Execution

!/usr/bin/python Exploit Title: vCloud Director - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...

8.8CVSS8.8AI score0.211EPSS
Exploits11
veracode
veracode
added 2020/05/18 6:5 a.m.58 views

EL Expression Injection

hibernate-validator is vulnerable to EL Expression Injection. The vulnerability exists as the value of modType in the validation message is improperly evaluated with $...

5.3CVSS2.8AI score0.02294EPSS
Exploits0References11Affected Software272
cnvd
cnvd
added 2019/06/06 12:0 a.m.5 views

HPE Intelligent Management Center (IMC) quickTemplateSelect Expression Language Injection Remote Code Execution Vulnerability

HPE Intelligent Management Center IMC is a comprehensive management platform built from the ground up to support the Failure, Configuration, Accounting, Performance and Security FCAPS model. A quickTemplateSelect expression language injection remote code execution vulnerability exists in HPE...

9CVSS8.6AI score0.0364EPSS
Exploits0References1
zdi
zdi
added 2019/05/30 12:0 a.m.36 views

Hewlett Packard Enterprise Intelligent Management Center devSoftSel Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

8.8CVSS3AI score0.0364EPSS
Exploits0References1
cnvd
cnvd
added 2017/07/29 12:0 a.m.4 views

Expression Injection Vulnerability in Kingdee GSiS Government Service Platform

GSiS government service platform is an integrated product developed by Kingdee to integrate government affairs disclosure, government services and e-surveillance on a unified e-government platform. Expression injection vulnerability exists in Kingdee GSiS government service platform. It allows...

7.9AI score
Exploits0
prion
prion
added 2017/07/18 6:29 p.m.20 views

Code injection

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces . This expression will be evaluated by any other authenticated user who views the...

4CVSS4.6AI score0.00599EPSS
Exploits0References2
cve
cve
added 2017/07/18 6:0 p.m.48 views

CVE-2017-5246

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can supply a valid AngularJS expression ({{ … }}) which will be evaluated by other authenticated users viewing the attacker’s display name. Affected versions are 5.0.0000 t...

4.3CVSS4.5AI score0.00599EPSS
Exploits0References2Affected Software1
cnvd
cnvd
added 2017/03/22 12:0 a.m.4 views

Expression injection vulnerability in e-mobile platform login.do page of Shanghai Panmicro Network Technology Co.

e-mobile is Panavision's mobile office product for cell phones, tablets and other mobile terminals. An expression injection vulnerability exists in the login.do page of the e-mobile platform of Shanghai Panmicro Network Technology Co. The vulnerability allows an attacker to remotely execute...

7.9AI score
Exploits0
seebug
seebug
added 2016/07/13 12:0 a.m.28 views

Spring Boot framework the expression injection vulnerability

No description provided by source...

7.1AI score
Exploits0
myhack58
myhack58
added 2015/08/11 12:0 a.m.26 views

Discuz! X-Series remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

0x01 vulnerability root causes The root of the problem is that the api/uc. php file in the updatebadwords method, the code is as follows: function updatebadwords$get, $post global $G; if! APIUPDATEBADWORDS return APIRETURNFORBIDDEN; $data = array; ifisarray$post foreach$post as $k = $v...

0.3AI score
Exploits0
Rows per page
Query Builder