90 matches found
EUVD-2018-7639
Malware in sbrugna...
EUVD-2021-22967
Malware in sbrugna...
EUVD-2021-8852
Malicious code in bioql PyPI...
EUVD-2021-8782
Malicious code in bioql PyPI...
Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution (RCE)
Exploit Title: Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution RCE via file upload Date: 2024-08-28 Exploit Author: Photubias Vendor Homepage: https://dell.com Vendor Advisory: 1...
Dell EMC iDRAC7/iDRAC8 2.52.52.52 Remote Code Execution
Dell EMC iDRAC7/iDRAC8 version 2.52.52.52 suffers from a remote code execution vulnerability. Exploit Title: Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution RCE via file upload Date: 2024-08-28 Exploit Author: Photubias Vendor Homepage: https://dell.com Vendor Advisory: 1...
Dell EMC iDRAC8 < 2.85.85.85 (DSA-2024-089)
The version of Dell EMC iDRAC8 installed on the remote host is prior to 2.85.85.85. It is, therefore, affected by a command injection vulnerability in local RACADM. A malicious authenticated user could gain control of the underlying operating system. Note that Nessus has not tested for this issue...
VulnCheck KEV: CVE-2018-1207
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code...
Dell iDRAC8 Injection (CVE-2021-21510)
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary 'Host' header values to poison a web-cache or trigger redirections. This plugin only works with Tenable.ot...
Dell EMC Code Injection (CVE-2018-1207)
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. This plugin only works with Tenable.ot. Please visit...
Dell iDRAC7 Injection (CVE-2016-5685)
Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Dell iDRAC6 Improperly Implemented Security Check for Standard (CVE-2018-1243)
Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers t...
Dell iDRAC7 Command Injection (CVE-2018-1244)
Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary...
Dell iDRAC7 Out-of-bounds Write (CVE-2020-5344)
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially...
Dell iDRAC7 Improper Authorization (CVE-2019-3764)
Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive...
Dell EMC Path Traversal (CVE-2018-1211)
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by...
Dell iDRAC7 Incorrect Authorization (CVE-2018-15774)
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in th...
Dell iDRAC8 Improper Input Validation (CVE-2022-34436)
Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update...
Dell EMC Injection (CVE-2021-21580)
Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate. Thi...
CVE-2022-34436
Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update...