Lucene search
K

28 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-17430

Malware in sbrugna...

10CVSS9.2AI score0.23304EPSS
Exploits0References2
NVD
NVD
added 2024/11/26 11:22 a.m.16 views

CVE-2024-50367

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...

7.2CVSS0.01042EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/26 10:55 a.m.20 views

CVE-2024-50367

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...

7.2CVSS0.01042EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/26 10:54 a.m.22 views

CVE-2024-50362

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...

7.2CVSS0.01042EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/26 10:53 a.m.10 views

CVE-2024-50360

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...

7.2CVSS7AI score0.01042EPSS
Exploits0References1
Prion
Prion
added 2023/04/19 12:15 p.m.20 views

Command injection

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...

5.5CVSS5.8AI score0.00871EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/19 12:0 a.m.37 views

CVE-2023-25759

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...

6AI score0.00871EPSS
Exploits0References2
CVE
CVE
added 2023/04/19 12:0 a.m.60 views

CVE-2023-25759

The CVE-2023-25759 issue affects the Tripleplay Platform’s TripleData Reporting Engine prior to Caveman 3.4.0, where OS command injection is possible via a crafted request payload. The vulnerability allows authenticated users to execute unprivileged OS commands, with the impact described as limit...

5.4CVSS5.7AI score0.00871EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2022/11/30 12:0 a.m.9 views

D-Link DNR-322L Command Injection Vulnerability

The D-Link DNR-322L is a surveillance memory from D-Link. A command injection vulnerability exists in D-Link DNR-322L version 2.60B15 and earlier, which stems from a data integrity failure in the backup configuration and can be exploited by an authenticated attacker to execute OS-level commands o...

8.8CVSS7.5AI score0.31328EPSS
Exploits3References1
Prion
Prion
added 2022/11/29 5:15 a.m.28 views

Command injection

Data Integrity Failure in 'Backup Config' in D-Link DNR-322L = 2.60B15 allows an authenticated attacker to execute OS level commands on the device...

6.5CVSS8.8AI score0.31328EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2022/11/29 12:0 a.m.32 views

CVE-2022-40799

Data Integrity Failure in 'Backup Config' in D-Link DNR-322L = 2.60B15 allows an authenticated attacker to execute OS level commands on the device...

9.1AI score0.31328EPSS
Exploits3References1
NVD
NVD
added 2021/09/14 12:15 p.m.17 views

CVE-2021-37531

SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be...

9.9CVSS0.03054EPSS
Exploits0References4
Prion
Prion
added 2021/09/14 12:15 p.m.14 views

Design/Logic Flaw

SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be...

9CVSS8.5AI score0.03054EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/09/14 11:15 a.m.20 views

CVE-2021-37531

SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be...

9.9CVSS8.8AI score0.03054EPSS
Exploits0References4
NVD
NVD
added 2020/11/12 9:15 p.m.16 views

CVE-2020-24719

Exposed Erlang Cookie could lead to Remote Command Execution RCE attack. Communication between Erlang nodes is done by exchanging a shared secret aka "magic cookie". There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlan...

10CVSS9.7AI score0.23304EPSS
Exploits0References1
Prion
Prion
added 2020/11/12 9:15 p.m.19 views

Command injection

Exposed Erlang Cookie could lead to Remote Command Execution RCE attack. Communication between Erlang nodes is done by exchanging a shared secret aka "magic cookie". There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlan...

10CVSS9.5AI score0.23304EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2018/12/10 9:56 a.m.105 views

Semrush: Persistent CSV injection

Hi Team, https://www.semrush.com/notes is vulnerable to persistent csv injection stored csv injection POC: 1 Login into application and open https://www.semrush.com/notes 2 click on "Add note" button 3 And enter csv injection payloads like =4+4, =HYPERLINK"http://evil.com", "EVIL" and click on sa...

7.4AI score
Exploits0
Github Security Blog
Github Security Blog
added 2018/08/21 5:3 p.m.26 views

Command Injection in git-dummy-commit

A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...

10CVSS3.5AI score0.04001EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2018/08/17 1:29 p.m.14 views

CVE-2018-3785

A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...

9.8CVSS7.5AI score
Exploits0References1
NVD
NVD
added 2018/08/17 1:29 p.m.27 views

CVE-2018-3785

A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...

10CVSS9.8AI score0.04001EPSS
Exploits1References1
Rows per page
Query Builder