Lucene search
K

255 matches found

Prion
Prion
added 2021/09/07 12:15 p.m.10 views

Buffer overflow

A buffer overflow issue was discovered in ZOOK solutionremote administration tool through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command...

6.5CVSS8.9AI score0.00818EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2021/07/08 8:4 p.m.71 views

CVE-2021-34616

CVE-2021-34616 concerns Aruba ClearPass Policy Manager and describes a remote arbitrary command execution vulnerability. Multiple connected sources specify impact on versions prior to 6.10.0, 6.9.6, and 6.8.9. A CNVD/PRION-type description attributes the root cause to inadequate input validation ...

6.5CVSS6.5AI score0.01246EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/07/08 3:44 p.m.56 views

CVE-2021-34610

The CVE-2021-34610 entry concerns Aruba ClearPass Policy Manager. A remote arbitrary command execution vulnerability affects versions prior to 6.10.0, 6.9.6 and 6.8.9. It is documented as an issue that Aruba has released updates to address. Connected sources consistently describe this vulnerabili...

9CVSS7.1AI score0.03024EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/08 3:40 p.m.23 views

CVE-2021-34611

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...

7.4AI score0.03024EPSS
Exploits0References1
OSV
OSV
added 2021/05/17 7:15 p.m.4 views

CVE-2020-29205

XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field...

6.1CVSS6AI score0.01533EPSS
Exploits1References3
NVD
NVD
added 2021/03/30 2:15 a.m.30 views

CVE-2021-25158

A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant...

5.9CVSS0.3058EPSS
Exploits3References3
CVE
CVE
added 2021/03/30 1:33 a.m.137 views

CVE-2021-25157

CVE-2021-25157 affects Aruba Instant IAP. The remote arbitrary file-read vulnerability impacts Aruba Instant versions listed in the CVE entry (6.4.x, 6.5.x, 8.3.x, 8.5.x, 8.6.x, 8.7.x and below) and Aruba has released patches to address it. Connected documents confirm Aruba has issued fixes/advis...

4.9CVSS5.2AI score0.10259EPSS
Exploits3References3Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/04 6:39 a.m.4 views

Panasonic Video Insight VMS vulnerable to arbitrary code execution

Overview Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability CWE-94 because unencrypted communication exists in the communication using non-well known ports. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its...

10CVSS7.7AI score0.02815EPSS
Exploits0References5
NVD
NVD
added 2021/02/03 1:15 p.m.18 views

CVE-2020-28144

Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code...

9.8CVSS0.02141EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/02/03 12:0 a.m.29 views

D-Link DNS Devices RCE Vulnerability (SAP10183) - Active Check

D-Link DNS-320 devices are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...

9.8CVSS9.7AI score0.99968EPSS
Exploits2References4
NVD
NVD
added 2020/12/24 8:15 p.m.20 views

CVE-2020-29474

EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution...

9.8CVSS10AI score0.04064EPSS
Exploits1References2
Prion
Prion
added 2020/12/24 8:15 p.m.22 views

Sql injection

EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution...

7.5CVSS10AI score0.04114EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2020/12/21 3:15 p.m.11 views

CVE-2020-26049

Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution...

6.1CVSS6.9AI score0.01274EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/12/21 2:51 p.m.21 views

CVE-2020-26049

Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution...

6.9AI score0.01274EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2020/10/14 12:0 a.m.8 views

The vulnerability of the REST API interface of the Cisco Data Center Network Manager system allows a perpetrator to perform arbitrary actions on the vulnerable device.

The vulnerability of the REST API interface of the Cisco Data Center Network Manager DCNM system is related to the use of an incomplete blacklist. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device remotely...

8.2CVSS7.5AI score0.0079EPSS
Exploits0References2
Prion
Prion
added 2020/10/05 3:15 p.m.13 views

Design/Logic Flaw

The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote...

6.5CVSS8.8AI score0.01863EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/08/26 12:0 a.m.4 views

The vulnerability of the NPort IAW5000A-I/O Series web server software lies in its lack of access control mechanisms, allowing attackers to send arbitrary requests to the vulnerable system.

The vulnerability of the NPort IAW5000A-I/O Series web server software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to send arbitrary requests to the vulnerable system remotely...

10CVSS5.6AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/05/29 12:0 a.m.8 views

The vulnerability of the central control server of SiNVR 3 Central Control Server lies in security flaws in the XML-based communication protocol, allowing attackers to perform arbitrary actions on the vulnerable device.

The vulnerability of the central control server of SiNVR 3 Central Control Server is related to security vulnerabilities in the XML-based communication protocol. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device remotely...

4.3CVSS5.6AI score0.01054EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2020/05/10 11:27 p.m.40 views

Remote Code Execution (RCE)

ncurses is vulnerable to denial of service. Due to a flaw, there is a format string vulnerability in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...

9.8CVSS6.6AI score0.04257EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2020/04/16 7:15 p.m.16 views

CVE-2019-11999

Potential security vulnerabilities have been identified in HPE OpenCall Media Platform OCMP resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. For OCMP version 4.4.X -...

6.9CVSS6.9AI score0.00803EPSS
Exploits0References1
Rows per page
Query Builder