Lucene search
+L

129 matches found

CNVD
CNVD
added 2021/03/25 12:0 a.m.9 views

Cisco IOS XE SD-WAN Parameter Injection Vulnerability

Cisco IOS XE is an open and flexible operating system optimized for future work. A parameter injection vulnerability exists in Cisco IOS XE versions after 17.3.1. The vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit the vulnerability to gain...

7.2CVSS7.2AI score0.00592EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/03/24 8:6 p.m.25 views

CVE-2021-1454 Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these...

6CVSS6.8AI score0.0028EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/02/12 9:15 p.m.4 views

CVE-2021-26752

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...

8.8CVSS8.1AI score0.0149EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/02/12 9:15 p.m.3 views

CVE-2021-26753

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...

9.9CVSS8.6AI score0.0115EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/02/12 12:0 a.m.6 views

Nedi Consulting NeDi 操作系统命令注入漏洞

NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from an OS command injection vulnerability. The vulnerability can be exploited to execute OS commands in the Nodes Traffic function of endpoint...

8.8CVSS7.4AI score0.0149EPSS
Exploits1References2
OSV
OSV
added 2020/11/18 6:15 p.m.2 views

CVE-2020-3367

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance formerly Web Security Appliance could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...

7.8CVSS6AI score0.00788EPSS
Exploits0References1
NVD
NVD
added 2020/08/20 4:15 p.m.21 views

CVE-2020-16280

Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability a local attacker must have access to the underlying operating...

5.5CVSS5.4AI score0.0026EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2020/06/03 12:56 p.m.7 views

Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers

A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. The six flaws, disclosed by cybersecurity firm Trustwave today, reside in...

9.1CVSS7.7AI score0.01888EPSS
Exploits0
NVD
NVD
added 2020/05/27 5:15 p.m.14 views

CVE-2020-6774

Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system...

9.3CVSS9.1AI score0.00279EPSS
Exploits0References1
Talos
Talos
added 2020/03/09 12:0 a.m.78 views

WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability

Summary An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials...

7.5CVSS6.7AI score0.02199EPSS
Exploits1
CNVD
CNVD
added 2019/12/04 12:0 a.m.5 views

Forma Learning Management System SQL Injection Vulnerability (CNVD-2019-44282)

Forma Learning Management System LMS is a learning management system LMS. A SQL injection vulnerability exists in the Forma Learning Management System. An attacker can exploit the vulnerability with a specially crafted web request to disclose database user credentials and potentially access the...

8.8CVSS7.8AI score0.01393EPSS
Exploits1References1
CNVD
CNVD
added 2019/12/04 12:0 a.m.4 views

Forma Learning Management System SQL Injection Vulnerability (CNVD-2020-02570)

Forma Learning Management System LMS is a learning management system LMS. A SQL injection vulnerability exists in the Forma Learning Management System. An attacker can exploit the vulnerability with a specially crafted web request to disclose database user credentials and potentially access the...

8.8CVSS7.8AI score0.01064EPSS
Exploits1References1
OSV
OSV
added 2019/12/03 10:15 p.m.6 views

CVE-2019-5112

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...

8.8CVSS7.1AI score0.01605EPSS
Exploits1References1
NVD
NVD
added 2019/12/03 10:15 p.m.19 views

CVE-2019-5112

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...

8.8CVSS7.9AI score0.01605EPSS
Exploits1References1
Prion
Prion
added 2019/12/03 10:15 p.m.14 views

Sql injection

Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

6.5CVSS8.9AI score0.01064EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/12/03 10:15 p.m.14 views

Sql injection

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...

6.5CVSS8.7AI score0.01605EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/12/03 9:44 p.m.35 views

CVE-2019-5110

Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

7.4CVSS9.1AI score0.01064EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/12/03 9:43 p.m.30 views

CVE-2019-5109

Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

7.4CVSS9.1AI score0.01064EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/12/03 9:38 p.m.21 views

CVE-2019-5112

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...

7.4CVSS8.8AI score0.01605EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/12/03 9:37 p.m.28 views

CVE-2019-5111

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filtercat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters...

7.4CVSS8.8AI score0.01393EPSS
Exploits1References1
Rows per page
Query Builder