
11236 matches found

NVD
added 2023/01/13 9:15 p.m., 29 views

CVE-2022-42136

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...

8.8 CVSS, 8.8 AI score, 0.00874 EPSS
Exploits: 0, References: 2
Prion
added 2023/01/13 9:15 p.m., 13 views

Design/Logic Flaw

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...

6.5 CVSS, 8.7 AI score, 0.00874 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2023/01/13 12:0 a.m., 31 views

CVE-2022-42136

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands...

8.9 AI score, 0.00874 EPSS
Exploits: 0, References: 2
CVE
added 2023/01/13 12:0 a.m., 112 views

CVE-2022-42136

CVE-2022-42136 affects MailEnable on Windows. Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had access, enabling an attacker to store arbitrary code on those files and execute Remote Code Execution (RCE). The ...

8.8 CVSS, 8.7 AI score, 0.00874 EPSS
Exploits: 0, References: 2, Affected Software: 1
Hacker One
added 2023/01/12 1:49 p.m., 37 views

EXNESS: Blind SSRF on https://my.exnessaffiliates.com/ allows for internal network enumeration

A blind stored server-side request forgery vulnerability was discovered in an endpoint of a website. This allowed internal network details to be disclosed by making requests to internal IP addresses and ports. With escalation, further inspection of the internal network could have been possible. T...

6.8 AI score
Exploits: 0
The Hacker News
added 2023/01/12 6:48 a.m., 66 views

Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability

Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel CWP that enables elevated privileges and unauthenticated remote code execution RCE on susceptible servers. Tracked as CVE-2022-44877 CVSS score: 9.8, the bug impacts all versions of...

9.8 CVSS, 1.6 AI score, 0.99995 EPSS
Exploits: 12
OpenVAS
added 2023/01/12 12:0 a.m., 26 views

SugarCRM 11.0.x < 11.0.5, 12.0.x < 12.0.2 RCE Vulnerability

SugarCRM is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sugarcrm:sugarcrm...

8.8 CVSS, 9.4 AI score, 0.80274 EPSS
Exploits: 4, References: 5
Tenable Nessus
added 2023/01/12 12:0 a.m., 36 views

openSUSE 15 Security Update : rubygem-activerecord-5.2 (openSUSE-SU-2023:0009-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0009-1 advisory. - A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which...

9.8 CVSS, 7.4 AI score, 0.02386 EPSS
Exploits: 1, References: 4
OpenVAS
added 2023/01/11 12:0 a.m., 33 views

Microsoft Office Outlook 2019 RCE Vulnerabilities (Jan 2023) - Mac OS X

This host is missing an important security update for Microsoft Office Outlook 2019 on Mac OS X according to Microsoft security update January 2023 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

7.8 CVSS, 7.6 AI score, 0.00915 EPSS
Exploits: 0, References: 1
OpenVAS
added 2023/01/11 12:0 a.m., 31 views

Microsoft Windows Multiple Vulnerabilities (KB5022282)

This host is missing an important security update according to Microsoft KB5022282 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

9.1 CVSS, 7.5 AI score, 0.91597 EPSS
Exploits: 3, References: 3
OpenVAS
added 2023/01/11 12:0 a.m., 17 views

MatrixSSL 4.x < 4.6.0 RCE Vulnerability

MatrixSSL is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8 CVSS, 9.9 AI score, 0.01697 EPSS
Exploits: 0, References: 2
Rapid7 Blog
added 2023/01/10 10:32 p.m., 128 views

Patch Tuesday - January 2023

Microsoft is starting the new year with a bang! Today’s Patch Tuesday release addresses almost 100 CVEs. After a relatively mild holiday season, defenders and admins now have a wide range of exciting new vulnerabilities to consider. Two zero-day vulnerabilities emerged today, both affecting a wid...

0.8 AI score, 0.91597 EPSS
Exploits: 17
NVD
added 2023/01/10 10:15 p.m., 16 views

CVE-2023-21535

Windows Secure Socket Tunneling Protocol SSTP Remote Code Execution Vulnerability...

8.1 CVSS, 8.5 AI score, 0.01084 EPSS
Exploits: 0, References: 1
Talos Blog
added 2023/01/10 7:18 p.m., 52 views

Microsoft Patch Tuesday for January 2023 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 98 vulnerabilities. Of these vulnerabilities, 11 are classified as "Critical", 87 are classified as "Important", no vulnerability classified as "Moderate." According to Microsoft all "Critical" vulnerability are either less...

1.1 AI score, 0.65417 EPSS
Exploits: 13
Cvelist
added 2023/01/10 12:0 a.m., 35 views

CVE-2023-21548 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

...

8.1 CVSS, 8.5 AI score, 0.01084 EPSS
Exploits: 0, References: 1
0day.today
added 2023/01/10 12:0 a.m., 309 views

Online Food Ordering System 2.0 Shell Upload Vulnerability

Exploit Title: Online Food Ordering System v2 - Remote Code Execution RCE Unauthenticated Exploit Author: Hakan Sonay Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Software Link:...

0.1 AI score
Exploits: 0
Cvelist
added 2023/01/10 12:0 a.m., 30 views

CVE-2023-21535 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

...

8.1 CVSS, 8.5 AI score, 0.01084 EPSS
Exploits: 0, References: 1
OpenVAS
added 2023/01/09 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for sysstat (EulerOS-SA-2023-1138)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS, 8 AI score, 0.01096 EPSS
Exploits: 1, References: 2
OpenVAS
added 2023/01/09 12:0 a.m., 7 views

Huawei EulerOS: Security Advisory for sysstat (EulerOS-SA-2023-1114)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS, 8 AI score, 0.01096 EPSS
Exploits: 1, References: 2
GithubExploit
added 2023/01/07 8:46 p.m., 1010 views

Exploit for Command Injection in Zte Mf286R_Firmware

CVE-2022-39073 Firmware details: wainnerversion: BDPO...

9.8 CVSS, 10 AI score, 0.0334 EPSS
Exploits: 1