Lucene search
+L

145 matches found

NVD
NVD
added 2020/12/15 8:15 p.m.35 views

CVE-2020-25759

An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests...

9CVSS8.8AI score0.02275EPSS
Exploits0References3
Prion
Prion
added 2020/12/15 8:15 p.m.23 views

Design/Logic Flaw

An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests...

9CVSS8.7AI score0.02275EPSS
Exploits0References3Affected Software9
Cvelist
Cvelist
added 2020/12/15 7:28 p.m.35 views

CVE-2020-25759

An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests...

8.8AI score0.02275EPSS
Exploits0References3
ICS
ICS
added 2020/10/24 12:0 p.m.29 views

Emotet Malware

Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency CISA and the Multi-State...

9.6AI score
Exploits0References85
Exploit DB
Exploit DB
added 2020/10/20 12:0 a.m.707 views

Mobile Shop System v1.0 - SQL Injection Authentication Bypass

Title: Mobile Shop System v1.0 - SQLi lead to authentication bypass Exploit Author: Moaaz Taha 0xStorm Date: 2020-09-08 Vendor Homepage: https://www.sourcecodester.com/php/14412/mobile-shop-system-php-mysql.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/10 12:0 a.m.969 views

Mobile Shop System 1.0 SQL Injection

Title: Mobile Shop System v1.0 - SQLi lead to authentication bypass Exploit Author: Moaaz Taha 0xStorm Date: 2020-09-08 Vendor Homepage: https://www.sourcecodester.com/php/14412/mobile-shop-system-php-mysql.html Software Link:...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2020/07/22 5:41 p.m.42 views

ZenTao Pro 8.8.2 Remote Code Execution

This module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. The module first attempts to authenticate to the ZenTao dashboard. It then tries to execute the payload by submitting fake repositories vi...

9.6CVSS9.2AI score0.17225EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/07/11 12:0 a.m.867 views

Pandora FMS 7.0 NG 7XX Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pandora FMS Events Remote Command Execution', 'Description' = %q This module exploits a vulnerability CVE-2020-13851 in Pandora FMS versions 7.0 ...

9CVSS0.5AI score0.91095EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2020/04/02 12:0 a.m.25 views

Fedora 30 : coturn (2020-f3fcb1608a)

An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. - An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server...

9.8CVSS6.9AI score0.06102EPSS
Exploits2References3
ThreatPost
ThreatPost
added 2020/03/24 9:1 p.m.49 views

Unknown 'WildPressure' Malware Campaign Lets Off Steam in Middle East

A malware campaign that shares no known similarities to previous attacks has been uncovered, targeting organizations in the Middle East. Dubbed “WildPressure,” the campaign used a previously unknown malware that researchers named Milum, after the C++ class names inside the code. According to...

7.2AI score
Exploits0References9
NVD
NVD
added 2019/12/17 10:15 p.m.21 views

CVE-2019-3994

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieveurl to use a freed variable...

7.5CVSS7.5AI score0.02928EPSS
Exploits1References3
NVD
NVD
added 2019/12/17 10:15 p.m.24 views

CVE-2019-3996

ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests...

7.5CVSS6.6AI score0.05879EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2019/12/17 10:15 p.m.24 views

CVE-2019-3994

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieveurl to use a freed variable...

7.5CVSS7.2AI score0.02928EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2019/11/18 12:0 a.m.7 views

The vulnerability of the Config software interface towards the Apache Solr search server allows a hacker to execute arbitrary code.

The vulnerability of the Config software interface of the Apache Solr search server lies in the rehydration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the Solr side through HTTP POST requests after deserialization...

9.8CVSS8.6AI score0.77508EPSS
Exploits1References4Affected Software2
ThreatPost
ThreatPost
added 2019/08/28 9:57 p.m.51 views

Elderly China Chopper Tool Still Going Strong in Multiple Campaigns

A nine-year-old web shell used for providing remote access to web servers for cyberattackers is staying very active despite its advanced age in cyber-years, anyway. Researchers said they’ve spotted it being used in several recent campaigns – all with disparate goals. The tool, known as China...

0.1AI score
Exploits0References2
NVD
NVD
added 2019/01/24 3:29 p.m.27 views

CVE-2019-1652

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper...

9CVSS7.7AI score0.95923EPSS
Exploits11References9
Prion
Prion
added 2018/11/28 6:29 p.m.17 views

Sql injection

A vulnerability in the web framework code of Cisco Prime License Manager PLM could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerabilit...

7.5CVSS9.8AI score0.03652EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/11/28 6:29 p.m.19 views

CVE-2018-15441

A vulnerability in the web framework code of Cisco Prime License Manager PLM could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerabilit...

9.8CVSS9.8AI score0.03652EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2018/11/28 6:0 p.m.8 views

CVE-2018-15441 Cisco Prime License Manager SQL Injection Vulnerability

A vulnerability in the web framework code of Cisco Prime License Manager PLM could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerabilit...

9.4CVSS8.2AI score0.03652EPSS
Exploits0References2
NVD
NVD
added 2018/04/22 1:29 p.m.34 views

CVE-2018-10286

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs ...

8.8CVSS8.4AI score0.06642EPSS
Exploits4References2
Rows per page
Query Builder