Lucene search
+L

759 matches found

CNNVD
CNNVD
added 2021/06/01 12:0 a.m.6 views

Emissary 注入漏洞

Emissary is a software application. A P2P-based data-driven workflow engine that runs across heterogeneous and potentially widely distributed multi-tier P2P network computing resources. Emissary suffers from a security vulnerability that makes it susceptible to post-authentication Remote Code...

9.1CVSS8.4AI score0.0285EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/05/28 11:5 p.m.35 views

CVE-2021-32647 Post-authentication Remote Code Execution (RCE) in emissary:emissary

Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution RCE. The CreatePlace REST endpoint accepts an sppClassName parameter which is used to load an arbitrary class. This class is later instantiated using a...

8CVSS9.7AI score0.0285EPSS
Exploits1References2
SonicWall
SonicWall
added 2021/04/20 11:12 a.m.12 views

SonicWall Email Security post-authentication arbitrary file read vulnerability

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. CVE: CVE-2021-20023 Last updated: April 20, 2021, 11:12 a.m...

6.7CVSS6.7AI score0.51407EPSS
Exploits0
SonicWall
SonicWall
added 2021/04/09 10:3 p.m.13 views

SonicWall Email Security post-authentication arbitrary file creation vulnerability

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. CVE: CVE-2021-20022 Last updated: April 9, 2021, 10:03 p.m...

6.7CVSS6.9AI score0.16509EPSS
Exploits0
CVE
CVE
added 2021/03/13 2:10 a.m.100 views

CVE-2021-20018

CVE-2021-20018 affects SonicWall SMA100: a post-authenticated vulnerability that allows exporting the device’s configuration to a specified email address, impacting SMA100 versions 10.2.0.5 and earlier. The CVE details in linked sources (e.g., SonicWall PSIRT SNWLID-2021-0005 and CNVD/CVE records...

4.9CVSS5.1AI score0.00673EPSS
Exploits0References1Affected Software1
SonicWall
SonicWall
added 2021/03/13 1:19 a.m.9 views

SonicWall SMA100 post-authentication configuration export to the a specified email address

A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. CVE: CVE-2021-20018 Last updated: March 13, 2021, 1:19 a.m...

6.1CVSS6.8AI score0.00673EPSS
Exploits0
seebug.org
seebug.org
added 2021/03/12 12:0 a.m.143 views

D-Link DIR-3060 授权RCE漏洞(CVE-2021-28144)

Advisory: D-Link DIR-3060 Authenticated RCE CVE-2021-28144 MARCH 11, 2021 Overview The D-Link DIR-3060 running firmware versions below v1.11b04 is affected by a post-authentication command injection vulnerability. Anybody with authenticated access to a DIR-3060 would be able to run arbitrary syst...

9CVSS8.9AI score0.06009EPSS
Exploits4
NVD
NVD
added 2021/02/11 9:15 p.m.17 views

CVE-2021-21976

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...

7.2CVSS0.02074EPSS
Exploits0References1
Prion
Prion
added 2021/02/11 9:15 p.m.34 views

Command injection

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...

6.5CVSS7.3AI score0.02074EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/02/11 8:34 p.m.46 views

CVE-2021-21976

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...

7.6AI score0.02074EPSS
Exploits0References1
CVE
CVE
added 2021/02/11 8:34 p.m.86 views

CVE-2021-21976

CVE-2021-21976 is a post-authentication command injection in vSphere Replication that may allow an authenticated admin to achieve remote code execution. Affected: vSphere Replication 8.3.x (before 8.3.1.2), 8.2.x (before 8.2.1.1), 8.1.x (before 8.1.2.3), and 6.5.x (before 6.5.1.5). Root cause: vu...

7.2CVSS7.5AI score0.02074EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/01/11 3:15 p.m.4 views

CVE-2020-26118

In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit GWT API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious...

8.8CVSS5.9AI score0.03761EPSS
Exploits0References3
OSV
OSV
added 2020/11/21 6:15 a.m.4 views

CVE-2020-25185

The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 firmware versions 5.02.09...

8.8CVSS6.3AI score0.02101EPSS
Exploits0References1
Prion
Prion
added 2020/11/21 6:15 a.m.15 views

Buffer overflow

The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 firmware versions 5.02.09...

6.5CVSS9.2AI score0.02101EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/09/02 2:15 p.m.4 views

CVE-2020-17458

A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via the /multiux/SaveMailbox LastName field...

5.4CVSS5.7AI score0.00638EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/07/23 3:35 p.m.35 views

CVE-2020-10918

This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due t...

7.5CVSS7.9AI score0.02728EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/07/07 12:0 a.m.35 views

C-MORE HMI EA9 Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due to insufficient...

7.5CVSS2.7AI score0.02728EPSS
Exploits0
OSV
OSV
added 2020/06/26 11:15 a.m.5 views

CVE-2020-15308

Support Incident Tracker aka SiT! or SiTracker 3.67 p2 allows post-authentication SQL injection via the siteedit.php typeid or site parameter, the searchincidentsadvanced.php searchtitle parameter, or the reportqbe.php criteriafield parameter...

7.2CVSS7AI score0.01075EPSS
Exploits1References1
NVD
NVD
added 2020/06/26 11:15 a.m.22 views

CVE-2020-15308

Support Incident Tracker aka SiT! or SiTracker 3.67 p2 allows post-authentication SQL injection via the siteedit.php typeid or site parameter, the searchincidentsadvanced.php searchtitle parameter, or the reportqbe.php criteriafield parameter...

7.2CVSS0.01075EPSS
Exploits1References1
Prion
Prion
added 2020/06/26 11:15 a.m.14 views

Sql injection

Support Incident Tracker aka SiT! or SiTracker 3.67 p2 allows post-authentication SQL injection via the siteedit.php typeid or site parameter, the searchincidentsadvanced.php searchtitle parameter, or the reportqbe.php criteriafield parameter...

6.5CVSS7.4AI score0.01075EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder