Lucene search

11235 matches found

Cvelist
added 2023/02/28 12:0 a.m., 14 views

CVE-2023-25266

An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attackers control leading to arbitrary remote code...

9.1 AI score, 0.01634 EPSS
Exploits: 1, References: 2

CVE
added 2023/02/28 12:0 a.m., 60 views

CVE-2023-25266

Docmosis Tornado prior to 2.9.5 is affected. An authenticated attacker can modify the Office directory setting to point to an arbitrary remote network path, causing the soffice binary to execute under the attacker’s control and enabling arbitrary remote code execution (RCE). Impact is high (CVE-2...

8.8 CVSS, 8.8 AI score, 0.01634 EPSS
Exploits: 1, References: 2, Affected Software: 1

Tenable Nessus
added 2023/02/28 12:0 a.m., 19 views

Scientific Linux Security Update : git on SL7.x x86_64 (2023:0978)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:0978-1 advisory. - git: gitattributes parsing integer overflow CVE-2022-23521 - git: Heap overflow in git archive, git log format leading to RCE CVE-2022-41903 No...

9.8 CVSS, 8.6 AI score, 0.56334 EPSS
Exploits: 0, References: 3

0day.today
added 2023/02/27 12:0 a.m., 470 views

ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root Vulnerability

ASUS ASMB8 iKVM firmware versions 1.14.51 and below suffers from a flaw where SNMPv2 can be used with write access to introduce arbitrary extensions to achieve remote code execution as root. The researchers also discovered a hardcoded administrative account...

9.8 CVSS, 9.9 AI score, 0.17399 EPSS
Exploits: 6

0day.today
added 2023/02/27 12:0 a.m., 313 views

ABUS Security Camera TVIP 20000-21150 LFI / Remote Code Execution Vulnerability

ABUS Security Camera version TVIP 20000-21150 suffers from local file inclusion, hardcoded credential, and command injection vulnerabilities. When coupled together, they can be leveraged to achieve remote access as root via ssh...

7.2 CVSS, 7.3 AI score, 0.38722 EPSS
Exploits: 5

Packet Storm
added 2023/02/27 12:0 a.m., 282 views

ABUS Security Camera TVIP 20000-21150 LFI / Remote Code Execution

Exploit Title: ABUS Security Camera LFI, RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-001-2023 Vendor Homepage: https://www.abus.com Version/Model: TVIP 20000-21150 probabl...

0.3 AI score, 0.38722 EPSS
Exploits: 5

0day.today
added 2023/02/27 12:0 a.m., 706 views

pyLoad js2py Python Execution Exploit

pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default...

9.8 CVSS, 9.8 AI score, 0.96988 EPSS
Exploits: 13

Packet Storm
added 2023/02/27 12:0 a.m., 368 views

ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root

Exploit Title: ASUS ASMB8 iKVM RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023 Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM...

0.17399 EPSS
Exploits: 6

CVE
added 2023/02/27 12:0 a.m., 114 views

CVE-2023-26609

The CVE-2023-26609 vulnerability affects ABUS TVIP 20000-21150 devices, where shell metacharacters in the /cgi-bin/mft/wireless_mft ap field allow remote code execution. Public exploit discussions exist (PacketStorm/Wiki entries) and ICS CVE notes confirm remote exploitation with a CVSS v3.1 base...

7.2 CVSS, 7.4 AI score, 0.38722 EPSS
In wild, Exploits: 5, References: 3, Affected Software: 1

Information Security Automation
added 2023/02/26 4:37 p.m., 94 views

Microsoft Patch Tuesday February 2023: Win Graphics RCE, Edge RCE, Publisher SFB, CLFS EoP, Exchange RCEs, Word RCE, HoloLens1

Hello everyone! This episode will be about Microsoft Patch Tuesday for February 2023, including vulnerabilities that were added between January and February Patch Tuesdays. Alternative video link for Russia: This month I decided to change the format a bit. Now I share my impression of Microsoft...

7.5 CVSS, 8.9 AI score, 0.82302 EPSS
Exploits: 18

Vulnrichment
added 2023/02/24 11:48 a.m., 14 views

CVE-2023-25696 Apache Airflow Hive Provider Beeline RCE

Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3...

9.5 AI score, 0.01982 EPSS
Exploits: 0, References: 2

Cvelist
added 2023/02/24 11:48 a.m., 13 views

CVE-2023-25696 Apache Airflow Hive Provider Beeline RCE

Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3...

9.7 AI score, 0.01982 EPSS
Exploits: 0, References: 2

OpenVAS
added 2023/02/24 12:0 a.m., 25 views

D-Link Multiple DIR Devices RCE Vulnerability (Sep 2019)

Multiple D-Link DIR devices are prone to a remote command execution (RCE) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

10 CVSS, 9.6 AI score, 0.99996 EPSS
Exploits: 5, References: 6

OpenVAS
added 2023/02/24 12:0 a.m., 24 views

D-Link DHP-1565 Devices RCE Vulnerability (Sep 2019)

D-Link DHP-1565 devices are prone to a remote command execution (RCE) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

10 CVSS, 9.6 AI score, 0.99996 EPSS
Exploits: 5, References: 6

NVD
added 2023/02/23 10:15 p.m., 27 views

CVE-2023-24205

Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file cfw-setting.yaml...

9.8 CVSS, 9.9 AI score, 0.01287 EPSS
Exploits: 1, References: 2

OSV
added 2023/02/23 10:15 p.m., 12 views

CVE-2023-24205

Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file cfw-setting.yaml...

9.8 CVSS, 8.3 AI score, 0.01287 EPSS
Exploits: 1, References: 2

NVD
added 2023/02/23 8:15 p.m., 25 views

CVE-2023-23917

A prototype pollution vulnerability exists in Rocket.Chat server 5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may...

8.8 CVSS, 8.3 AI score, 0.00978 EPSS
Exploits: 0, References: 1

OSV
added 2023/02/23 8:15 p.m., 9 views

CVE-2023-23917

A prototype pollution vulnerability exists in Rocket.Chat server 5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may...

8.8 CVSS, 6 AI score
Exploits: 0, References: 1

Prion
added 2023/02/23 8:15 p.m., 20 views

Code injection

A prototype pollution vulnerability exists in Rocket.Chat server 5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may...

6.5 CVSS, 8.3 AI score, 0.00978 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/02/23 12:0 a.m., 26 views

CVE-2023-23917

A prototype pollution vulnerability exists in Rocket.Chat server 5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may...

8.5 AI score, 0.00978 EPSS
Exploits: 0, References: 1