9788 matches found

ATTACKERKB
added 2020/07/28 12:0 a.m. · 29 views

CVE-2020-15900

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The ‘rsearch’ calculation for the ‘post’ size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed...

9.8 CVSS · 0.05186 EPSS
Exploits 0 · References 10

Github Security Blog
added 2020/07/27 10:51 p.m. · 56 views

Command Injection in Kylin

Kylin has some RESTful APIs that concatenate OS commands with the user input string; a user is likely to be able to execute any OS command without any protection or validation...

9 CVSS · 3.1 AI score · 0.9796 EPSS
Exploits 2 · References 18 · Affected Software 1

Veracode
added 2020/07/24 4:25 a.m. · 9 views

OS Command Injection

xps is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via the pid parameter due to the lack of sanitisation and validation...

5.2 AI score
Exploits 0

OSV
added 2020/07/24 1:15 a.m. · 3 views

CVE-2020-15922

There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required...

9.8 CVSS · 7.4 AI score · 0.57326 EPSS
Exploits 3 · References 2

OSV
added 2020/07/24 1:15 a.m. · 1 views

CVE-2020-15920

There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required...

9.8 CVSS · 7.4 AI score · 0.98278 EPSS
Exploits 6 · References 3

Cvelist
added 2020/07/24 12:58 a.m. · 29 views

CVE-2020-15920

There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required...

10 AI score · 0.98278 EPSS
Exploits 6 · References 3

CVE
added 2020/07/24 12:58 a.m. · 151 views

CVE-2020-15920

CVE-2020-15920 affects Mida Solutions eFramework

10 CVSS · 9.9 AI score · 0.98278 EPSS
In wild · Exploits 6 · References 3 · Affected Software 1

CVE
added 2020/07/24 12:58 a.m. · 103 views

CVE-2020-15922

CVE-2020-15922 describes an OS Command Injection in Mida Solutions’ eFramework version 2.9.0 that enables Remote Code Execution with administrative/root privileges, requiring authentication. The connected Red Hat, CNVD, CNVD-like and Exploit-DB entries corroborate a root-level impact via command ...

10 CVSS · 9.9 AI score · 0.57326 EPSS
Exploits 3 · References 2 · Affected Software 1

Positive Technologies
added 2020/07/24 12:0 a.m. · 2 views

PT-2020-14714 · Mida · Mida Eframework

Name of the Vulnerable Software and Affected Versions: Mida eFramework versions prior to 2.9.1
Description: The issue allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges due to an OS Command Injection. No authentication is required.
Recommendations: For...

10 CVSS · 9.9 AI score · 0.98278 EPSS
Exploits 6 · References 6

Core Security
added 2020/07/23 12:0 a.m. · 27 views

: Parallels RAS OS Command Execution

1. Advisory Information
Title: Parallels RAS OS Command Execution
Advisory ID: CORE-2020-0011
Advisory URL: https://www.coresecurity.com/core-labs/advisories/parallels-ras-os-command-execution
Date published: 2020-07-23
Date of last update: 2020-07-21
Vendors contacted: Parallels
Release mode...

9.9 CVSS · 9.7 AI score · 0.04009 EPSS
Exploits 1

CNVD
added 2020/07/21 12:0 a.m. · 3 views

Grandstream UCM6200 Series OS Command Injection Vulnerability

The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. An OS command injection vulnerability exists in the Grandstream UCM6200 series versions 1.0.20.23 and earlier. The vulnerability can be exploited to execute commands as root by issuing speciall...

10 CVSS · 8.1 AI score · 0.03204 EPSS
Exploits 0 · References 1

OSV
added 2020/07/17 9:15 p.m. · 3 views

CVE-2020-5759

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command...

9.8 CVSS · 5.9 AI score · 0.03204 EPSS
Exploits 0 · References 2

NVD
added 2020/07/17 9:15 p.m. · 15 views

CVE-2020-5757

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API...

10 CVSS · 0.06926 EPSS
Exploits 0 · References 2

NVD
added 2020/07/17 9:15 p.m. · 12 views

CVE-2020-5759

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command...

10 CVSS · 0.03204 EPSS
Exploits 0 · References 2

Cvelist
added 2020/07/17 8:35 p.m. · 16 views

CVE-2020-5759

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command...

9.8 AI score · 0.03204 EPSS
Exploits 0 · References 1

Cvelist
added 2020/07/17 8:35 p.m. · 20 views

CVE-2020-5758

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API...

9 AI score · 0.04375 EPSS
Exploits 0 · References 1

Veracode
added 2020/07/16 6:10 a.m. · 19 views

OS Command Injection

kylin-core-common is vulnerable to OS command injection. The vulnerability exists because it uses a regular expression that provides an insufficient blacklist of characters, allowing prohibited characters to be interpreted and executed...

9.8 CVSS · 6.4 AI score · 0.19859 EPSS
Exploits 0 · References 4 · Affected Software 1

NVD
added 2020/07/15 5:15 p.m. · 37 views

CVE-2020-8178

Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks...

10 CVSS · 0.03633 EPSS
Exploits 1 · References 1

UbuntuCve
added 2020/07/15 5:15 p.m. · 16 views

CVE-2020-8178

Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks...

10 CVSS · 7.2 AI score · 0.03633 EPSS
Exploits 1 · References 3

Prion
added 2020/07/15 5:15 p.m. · 9 views

Command injection

Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks...

10 CVSS · 9.7 AI score · 0.03633 EPSS
Exploits 1 · References 1 · Affected Software 1