Lucene search
K

758 matches found

Positive Technologies
Positive Technologies
added 2019/10/09 12:0 a.m.2 views

PT-2019-14339 · Mantisbt · Mantisbt

Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 1.3.20 MantisBT versions prior to 2.22.1 Description: The issue allows for Post Authentication Command Injection, which can lead to Remote Code Execution. Recommendations: For versions prior to 1.3.20, update to...

7.2CVSS7.2AI score0.30003EPSS
Exploits5References14
NVD
NVD
added 2019/08/14 9:15 p.m.24 views

CVE-2019-12104

The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities...

9CVSS9.1AI score0.04693EPSS
Exploits1References2
OSV
OSV
added 2019/08/14 9:15 p.m.7 views

CVE-2019-12104

The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities...

8.8CVSS7.3AI score0.04693EPSS
Exploits1References2
Prion
Prion
added 2019/08/14 9:15 p.m.16 views

Command injection

The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities...

9CVSS9AI score0.04693EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/08/14 8:32 p.m.27 views

CVE-2019-12104

The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities...

9.1AI score0.04693EPSS
Exploits1References2
OSV
OSV
added 2019/08/01 1:15 p.m.5 views

CVE-2019-14338

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface...

6.1CVSS6.4AI score0.01954EPSS
Exploits3References3
Prion
Prion
added 2019/08/01 1:15 p.m.22 views

Design/Logic Flaw

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface...

4.3CVSS6AI score0.01954EPSS
Exploits3References3Affected Software2
Cvelist
Cvelist
added 2019/08/01 12:32 p.m.28 views

CVE-2019-14338

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface...

6.1AI score0.01954EPSS
Exploits3References3
NVD
NVD
added 2018/11/27 2:29 p.m.15 views

CVE-2018-16089

In System Management Module SMM versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user...

8.5CVSS7.8AI score0.01735EPSS
Exploits0References1
OSV
OSV
added 2018/11/27 2:29 p.m.8 views

CVE-2018-16090

In System Management Module SMM versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection...

7.5CVSS5.8AI score0.00874EPSS
Exploits0References1
NVD
NVD
added 2018/11/27 2:29 p.m.19 views

CVE-2018-16090

In System Management Module SMM versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection...

7.5CVSS7.8AI score0.00874EPSS
Exploits0References1
Prion
Prion
added 2018/11/27 2:29 p.m.13 views

Command injection

In System Management Module SMM versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection...

6CVSS7.9AI score0.00874EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/11/27 2:29 p.m.14 views

Command injection

In System Management Module SMM versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user...

8.5CVSS7.9AI score0.01735EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/11/27 2:0 p.m.53 views

CVE-2018-16090

The CVE-2018-16090 vulnerability affects Lenovo System Management Module (SMM) firmware prior to 1.06, where the certificate creation and parsing logic allows post-authentication command injection. The Lenovo advisory LEN-24374 documents this issue and links it to several SMM-related CVEs; for CV...

7.5CVSS8AI score0.00874EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/11/27 2:0 p.m.50 views

CVE-2018-16089

The CVE-2018-16089 entry concerns Lenovo System Management Module (SMM) firmware. A field in the header of SMM firmware update images in SMM versions prior to 1.06 is insufficiently sanitized, enabling post-authentication command injection on the SMM as the root user. The Lenovo advisory LEN-2437...

8.5CVSS8AI score0.01735EPSS
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2018/07/13 12:0 a.m.229 views

phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'phpMyAdmin Authenticated Remote Code Execution', 'Description' = %q phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which ca...

8.8CVSS7.4AI score0.98462EPSS
Exploits21
Packet Storm
Packet Storm
added 2018/07/12 12:0 a.m.80 views

phpMyAdmin Authenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'phpMyAdmin Authenticated Remote Code Execution', 'Description' = %q phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which ca...

0.3AI score0.98462EPSS
Exploits21
Exploit DB
Exploit DB
added 2018/05/10 12:0 a.m.62 views

Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mantis manageprojpage PHP Code Execution', 'Description' = %q Mantis v1.1.3 and earlier are vulnerable to a post-authentication Remote Code...

9CVSS6.7AI score0.67453EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2018/03/20 12:0 a.m.42 views

FreeBSD : SquirrelMail -- post-authentication access privileges (928d5c59-2a5a-11e8-a712-0025908740c2)

Florian Grunow reports : An attacker able to exploit this vulnerability can extract files of the server the application is running on. This may include configuration files, log files and additionally all files that are readable for all users on the system. This issue is post-authentication. That...

8.8CVSS7.7AI score0.04451EPSS
Exploits0References3
CNVD
CNVD
added 2018/02/13 12:0 a.m.3 views

NetEx HyperIP Post-Auth Remote Command Execution Vulnerability

HyperIP is a WAN optimized virtual appliance. Deploying HyperIP enables data replication, backup, recovery and data center migration. HyperIP has a remote command execution vulnerability in its implementation. The principle of this vulnerability is that setting the setval parameter as a malformed...

8AI score
Exploits0References1
Rows per page
Query Builder