Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

12 matches found

0day.today
0day.todayadded 2024/03/27 12:0 a.m.336 views

Artica Proxy Unauthenticated PHP Deserialization Exploit

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and...

9.8CVSS10AI score0.8126EPSS
Exploits9
Metasploit
Metasploitadded 2024/01/24 7:49 p.m.521 views

GL.iNet Unauthenticated Remote Command Execution via the logread module.

A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the glsystemlog and glcrashlog interface in the logread module. This exploit requires post-authentication using the Admin-Token...

9.8CVSS9.2AI score0.47804EPSS
Exploits5
0day.today
0day.todayadded 2023/09/13 12:0 a.m.360 views

Ivanti Sentry Authentication Bypass / Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Sentry MICSLogService Auth Bypass resulting in RCE CVE-2023-38035', 'Description' = %q This module exploits an authentication bypass in...

9.8CVSS9.8AI score0.99949EPSS
Exploits6
Packet Storm
Packet Stormadded 2023/01/31 12:0 a.m.377 views

Control Web Panel Unauthenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'CWP login.php Unauthenticated RCE', 'Description' = %q Control Web Panel versions 'Spencer McIntyre', metasploit module...

9.8CVSS0.6AI score0.99989EPSS
Exploits12
Packet Storm
Packet Stormadded 2022/11/02 12:0 a.m.542 views

Apache CouchDB Erlang Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Couchdb Erlang RCE', 'Description' = %q In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installatio...

10CVSS0.2AI score0.92335EPSS
Exploits8
Packet Storm
Packet Stormadded 2022/05/16 12:0 a.m.406 views

Zyxel Firewall ZTP Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel Firewall ZTP Unauthenticated Command Injection', 'Description' = %q This module exploits CVE-2022-30525, an unauthenticated remote command...

0.2AI score0.99938EPSS
Exploits25
0day.today
0day.todayadded 2021/11/10 12:0 a.m.335 views

Microsoft OMI Management Interface Authentication Bypass Exploit

This Metasploit module demonstrates that by removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September...

9.8CVSS7.6AI score0.99723EPSS
Exploits20
Packet Storm
Packet Stormadded 2021/06/17 12:0 a.m.313 views

Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE CVE-2021-1499', 'Description' = %q This module exploits an unauthenticated fi...

5CVSS0.3AI score0.80426EPSS
Exploits5
Packet Storm
Packet Stormadded 2020/12/24 12:0 a.m.1243 views

Apache Struts 2 Forced Multi OGNL Evaluation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Forced Multi OGNL Evaluation', 'Description' = %q The Apache Struts framework, when forced, performs double evaluation of...

7.5CVSS9.8AI score0.97399EPSS
Exploits23
0day.today
0day.todayadded 2020/11/12 12:0 a.m.121 views

SaltStack Salt REST API Arbitrary Command Execution Exploit

This Metasploit module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8,...

9.8CVSS9.4AI score0.99585EPSS
Exploits5
Packet Storm
Packet Stormadded 2020/09/22 12:0 a.m.297 views

Artica Proxy 4.30.000000 Authentication Bypass / Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection', 'Description' = %q This module exploits an authenticated command...

9CVSS1.1AI score0.93967EPSS
Exploits8
0day.today
0day.todayadded 2018/09/07 12:0 a.m.22 views

Ghostscript Failed Restore Command Execution Exploit

This Metasploit module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore grestore in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick, and this module provides the...

0.3AI score
Exploits0
Rows per page
Query Builder