Source: BDU FSTEC (added 2019/05/07 12:00 a.m.)

The vulnerability of the WLS9_ASYNC and WLS-WSAT components of Oracle WebLogic Server allows an attacker to execute arbitrary code and take control of the target system.

The vulnerability of the WLS9_ASYNC and WLS-WSAT components of the Oracle WebLogic Server application server is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely and gain control over the target system...

CVSS 10 | AI score 8.1 | EPSS 0.99964
Exploits: 35 | References: 8 | Affected software: 1
Source: NVD (added 2019/04/30 9:29 p.m.)

CVE-2019-3935

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows...

CVSS 9.1 | AI score 9.2 | EPSS 0.03334
Exploits: 1 | References: 1
Source: NVD (added 2019/04/30 9:29 p.m.)

CVE-2019-3931

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argument injection into the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root...

CVSS 9 | AI score 8.9 | EPSS 0.0588
Exploits: 1 | References: 1
Source: Prion (added 2019/04/30 9:29 p.m.)

Code injection

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argument injection into the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root...

CVSS 9 | AI score 8.8 | EPSS 0.0588
Exploits: 1 | References: 1 | Affected software: 2
Source: Cvelist (added 2019/04/30 8:28 p.m.)

CVE-2019-3931

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argument injection into the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root...

AI score 8.9 | EPSS 0.0588
Exploits: 1 | References: 1
Source: NVD (added 2019/04/18 2:29 a.m.)

CVE-2019-1841

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

CVSS 8.1 | AI score 7 | EPSS 0.02644
Exploits: 0 | References: 2
Source: Prion (added 2019/04/18 2:29 a.m.)

Input validation

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

CVSS 5.5 | AI score 8 | EPSS 0.02644
Exploits: 0 | References: 2 | Affected software: 1
Source: Cisco (added 2019/04/17 4:00 p.m.)

Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

CVSS 6.5 | AI score 1.8 | EPSS 0.02644
Exploits: 0 | References: 1
Source: Veracode (added 2019/04/15 5:28 a.m.)

Cross-site Request Forgery (CSRF)

Contao is susceptible to cross-site request forgery attacks. The vulnerability exists because the server does not verify the authenticity of HTTP requests, allowing a remote attacker to perform unauthorized actions on behalf of the user by tricking the user into visiting a malicious site...

CVSS 8.8 | AI score 8.4 | EPSS 0.00499
Exploits: 0 | References: 4 | Affected software: 2
Source: 0day.today (added 2019/04/15 12:00 a.m.)

Cisco RV130W Routers Management Interface Remote Command Execution Exploit

A vulnerability in the web-based management interface of the Cisco RV130W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based...

CVSS 10 | AI score 1 | EPSS 0.95707
Exploits: 15
Source: Packet Storm (added 2019/04/14 12:00 a.m.)

Cisco RV130W Routers Management Interface Remote Command Execution

This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
linux/armle/meterpreter/bindtcp - segfault
linux/armle/meterpreter/reversetcp - segfault
linux/armle/meterpreterreversehttp - works
linux/armle/meterpreterreversehttps -...

CVSS 10 | AI score 0.7 | EPSS 0.95707
Exploits: 15
Source: Veracode (added 2019/04/11 3:15 a.m.)

Cross-Site Request Forgery (CSRF)

apache-airflow is vulnerable to cross-site request forgery (CSRF). A lack of request verification did not allow the webserver to determine the authenticity of HTTP requests, allowing a remote attacker to perform CSRF attacks...

CVSS 8.8 | AI score 8.5 | EPSS 0.01488
Exploits: 0 | References: 4 | Affected software: 1
Source: NVD (added 2019/04/09 6:29 p.m.)

CVE-2019-8990

The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances...

CVSS 9.1 | AI score 8.6 | EPSS 0.02889
Exploits: 0 | References: 3
Source: Exploit DB (added 2019/04/02 12:00 a.m.)

JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery

Exploit Title: JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings, aka a SetWiFiSetting request to cgi-bin/qcmapwebcgi
Exploit Author: Vikas Chaudhary
Date: 21-01-2019
Vendor Homepage: https://www.jio.com/
Hardware Link:...

CVSS 6.5 | AI score 6.5 | EPSS 0.0196
Exploits: 5
Source: NVD (added 2019/03/28 1:29 a.m.)

CVE-2019-1755

A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied...

CVSS 9 | AI score 7 | EPSS 0.03451
Exploits: 0 | References: 2
Source: Cvelist (added 2019/03/28 12:15 a.m.)

CVE-2019-1755 Cisco IOS XE Software Command Injection Vulnerability

A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied...

CVSS 6.5 | AI score 7.3 | EPSS 0.03451
Exploits: 0 | References: 2
Source: RedHat Linux (added 2019/03/26 5:47 a.m.)

openwsman: Disclosure of arbitrary files outside of the registered URIs

Openwsman, versions up to and including 2.6.9, is vulnerable to arbitrary file disclosure because the working directory of the openwsmand daemon was set to the root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman serve...

CVSS 7.5 | AI score 5.9 | EPSS 0.14739
Exploits: 0 | References: 4
Source: NVD (added 2019/03/21 4:29 p.m.)

CVE-2018-4030

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any...

CVSS 7.5 | AI score 6 | EPSS 0.01168
Exploits: 1 | References: 1
Source: Prion (added 2019/03/21 4:29 p.m.)

Cross-site request forgery (CSRF)

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any...

CVSS 5 | AI score 7.5 | EPSS 0.01168
Exploits: 1 | References: 1 | Affected software: 1
Source: NVD (added 2019/03/21 4:01 p.m.)

CVE-2019-6973

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server, based on gSOAP 2.8.x, is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds...

CVSS 7.5 | AI score 7.5 | EPSS 0.13776
Exploits: 5 | References: 3