Lucene search
K

235 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:47 p.m.36 views

K04234247: Resource Administrator or Administrator role authenticated local command execution vulnerability CVE-2021-23012

Security Advisory Description Lack of input validation for items used in system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. CVE-2021-23012 Impact In a standard BIG-IP deployment, a minor...

8.2CVSS8.4AI score0.00273EPSS
Exploits0Affected Software11
Kitploit
Kitploit
added 2022/10/29 11:30 a.m.48 views

Threatest - Threatest Is A Go Framework For End-To-End Testing Threat Detection Rules

Threatest is a Go framework for testing threat detection end-to-end. Threatest allows you to detonate an attack technique, and verify that the alert you expect was generated in your favorite security platform. Read the announcement blog post:...

7.6AI score
Exploits0References2
CNNVD
CNNVD
added 2022/06/21 12:0 a.m.2 views

OpenSSL 操作系统命令注入漏洞

OpenSSL is an open source capable general-purpose cryptographic library from the Openssl team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, secure hash...

10CVSS7.9AI score0.96275EPSS
Exploits1References58
OSV
OSV
added 2021/04/22 8:15 p.m.4 views

CVE-2021-0253

NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon JDMD process. This issue affects Juniper Networks Junos OS on NFX Series 17.2 version 17.2R...

7.8CVSS5.8AI score0.00546EPSS
Exploits1References2
NVD
NVD
added 2021/04/22 8:15 p.m.29 views

CVE-2021-0253

NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon JDMD process. This issue affects Juniper Networks Junos OS on NFX Series 17.2 version 17.2R...

7.8CVSS0.00546EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/04/22 7:37 p.m.33 views

CVE-2021-0253 Junos OS: NFX Series: Local Command Execution Vulnerability in JDMD Leads to Privilege Escalation

NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon JDMD process. This issue affects Juniper Networks Junos OS on NFX Series 17.2 version 17.2R...

7.8CVSS7.9AI score0.00546EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/04/07 12:0 a.m.4 views

Wcms 代码问题漏洞

WCMS is a content management system CMS that uses an open web interface to build websites. A server-side request forgery vulnerability exists in WCMS version 0.3.2. An attacker can send a specially crafted request from the web application's back-end server via the path parameter of wex/cssjs.php,...

8.3CVSS5.9AI score0.01051EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/04/07 12:0 a.m.5 views

Wcms 代码问题漏洞

WCMS is a content management system CMS. A server-side request forgery vulnerability exists in Wcms version 0.3.2, where an attacker sends a crafted request/html.php file to wex from the back-end server of a vulnerable web application via the pagename parameter. It can help to identify open ports...

8.3CVSS5.8AI score0.01155EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/03/22 12:0 a.m.3 views

XStream 操作系统命令注入漏洞

XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . XStream has a code execution vulnerability that can be exploited by an attacker to manipulate the processed input stream and replace...

9.9CVSS8.9AI score0.72324EPSS
Exploits1References47
OSV
OSV
added 2021/01/20 3:15 p.m.4 views

CVE-2020-4688

IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. IBM X-Force ID: 186700...

7.8CVSS6.7AI score0.00898EPSS
Exploits0References2
OSV
OSV
added 2020/02/07 3:15 p.m.5 views

CVE-2020-8126

A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user Privilege-1 to escalate privileges and became administrator Privilege-15...

7.8CVSS7.1AI score0.00517EPSS
Exploits0References1
CVE
CVE
added 2020/02/07 2:56 p.m.53 views

CVE-2020-8126

The CVE-2020-8126 case affects Ubiquiti EdgeSwitch before version 1.7.1, where a CGI script does not fully sanitize user input, enabling local command execution. An operator-privilege user (Privilege-1) can escalate to administrator (Privilege-15). The issue is triggered via crafted input in the ...

7.8CVSS7.9AI score0.00517EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/02/07 2:56 p.m.31 views

CVE-2020-8126

A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user Privilege-1 to escalate privileges and became administrator Privilege-15...

8.1AI score0.00517EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/07/17 8:25 p.m.20 views

CVE-2019-1923 Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by...

6.6CVSS6.7AI score0.00472EPSS
Exploits0References2
CNVD
CNVD
added 2019/07/04 12:0 a.m.3 views

D-Link DCS-1100 and D-Link DCS-1130 Buffer Error Vulnerability (CNVD-2019-21249)

The D-Link DCS-1100 and the D-Link DCS-1130 are both network cameras from Taiwan, China-based AUO D-Link. A buffer error vulnerability exists in the D-Link DCS-1100 and DCS-1130. A local attacker could exploit this vulnerability to execute arbitrary commands on the device without authentication...

8.8CVSS7.6AI score0.11589EPSS
Exploits0References1
OSV
OSV
added 2019/05/06 5:19 p.m.4 views

USN-3968-1 sudo vulnerabilities

Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use this issue to bypass configured restrictions and execute arbitrary commands. CVE-2016-7076 It was discovered that Sudo did not properly parse the...

8.2CVSS6.9AI score0.00573EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/03/07 12:0 a.m.27 views

FreeBSD : rssh - multiple vulnerabilities (d193aa9f-3f8c-11e9-9a24-6805ca0b38e8)

NVD reports : rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp...

9.8CVSS8.2AI score0.04869EPSS
Exploits5References5
OSV
OSV
added 2019/02/04 9:29 p.m.2 views

ALPINE-CVE-2019-1000018

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission...

7.8CVSS7.2AI score0.0188EPSS
Exploits5References1
Prion
Prion
added 2019/02/04 9:29 p.m.20 views

Command injection

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission...

4.6CVSS7.7AI score0.0188EPSS
Exploits5References9Affected Software4
AlpineLinux
AlpineLinux
added 2019/02/04 9:0 p.m.29 views

CVE-2019-1000018

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission...

7.8CVSS8.9AI score0.0188EPSS
Exploits5
Rows per page
Query Builder