Lucene search

15280 matches found

CVE
added 2023/12/22 4:49 p.m. · 43 views

CVE-2023-50254

Summary: Deepin Linux’s default document reader, deepin-reader, is affected in versions prior to 6.0.7 due to a design flaw that allows remote command execution by processing crafted docx files. The vulnerability is a file overwrite issue; RCE can occur by overwriting files such as ~/.bashrc, ~...

CVSS 9.3 · AI score 8.8 · EPSS 0.02118
Exploits 2 · References 3 · Affected Software 1

NVD
added 2023/12/22 2:15 a.m. · 13 views

CVE-2023-51707

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected...

CVSS 9.8 · EPSS 0.01266
Exploits 0 · References 1

Prion
added 2023/12/22 2:15 a.m. · 26 views

Command injection

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected...

CVSS 7.5 · AI score 7.6 · EPSS 0.01266
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/12/22 12:0 a.m. · 3 views

Array Networks ArrayOS AG Security Breach

Array Networks ArrayOS AG is an SSL-VPN product from Array Networks that enables secure remote access regardless of user, device or location. It provides scalable and controllable remote and mobile access to corporate networks, enterprise applications and cloud services for any user, any device,...

CVSS 9.8 · AI score 7.2 · EPSS 0.01266
Exploits 0 · References 2

Vulnrichment
added 2023/12/22 12:0 a.m. · 6 views

CVE-2023-51707

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected...

AI score 9.7 · EPSS 0.01266
Exploits 0 · References 1

Positive Technologies
added 2023/12/22 12:0 a.m. · 5 views

PT-2023-31885 · Array · Motionpro

Name of the Vulnerable Software and Affected Versions: MotionPro in Array ArrayOS AG versions prior to 9.4.0.505 Description: The issue allows remote command execution via crafted packets. There is no information provided about the estimated number of potentially affected devices worldwide or...

CVSS 9.8 · AI score 9.4 · EPSS 0.01266
Exploits 0 · References 3

BDU FSTEC
added 2023/12/22 12:0 a.m. · 3 views

The vulnerability of D-Link DIR-850L B1 router microprogramming software lies in the lack of measures to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary commands.

The vulnerability of D-Link DIR-850L B1 router microprogramming software is related to the lack of measures taken to neutralize special elements used in the operating system’s command processing when dealing with the en parameter. Exploiting this vulnerability allows a remote attacker to execute...

CVSS 10 · AI score 8.1 · EPSS 0.01862
Exploits 0 · References 5

Cvelist
added 2023/12/22 12:0 a.m. · 15 views

CVE-2023-51707

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected...

AI score 9.8 · EPSS 0.01266
Exploits 0 · References 1

CVE
added 2023/12/22 12:0 a.m. · 70 views

CVE-2023-51707

CVE-2023-51707 affects MotionPro in Array ArrayOS AG prior to 9.4.0.505, where remote command execution is possible via specially crafted packets. Affected: AG and vxAG before 9.4.0.505; unaffected: AG/vxAG 9.3.0.259.x. Impact is remote code execution with network attack vector and no user intera...

CVSS 9.8 · AI score 9.5 · EPSS 0.01266
Exploits 0 · References 1 · Affected Software 1

BDU FSTEC
added 2023/12/21 12:0 a.m. · 4 views

The vulnerability of the soapauth() function in Netgear N300 wireless router software (WNR2000v4) allows a hacker to execute arbitrary commands.

The vulnerability of the soapauth function in Netgear N300 wireless router microprogramming software WNR2000v4 is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending specially crafte...

CVSS 9 · AI score 8.2 · EPSS 0.04007
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2023/12/21 12:0 a.m. · 5 views

The vulnerability of the microprogrammed software of the multi-channel voice recorder EasyLog Web+ BRS-5003 and EasyLog Web+ BRS-800 lies in improper control of code generation, allowing intruders to execute arbitrary commands.

The vulnerability of the microprogrammed software of the multi-channel voice recorder EasyLog Web+ BRS-5003 and EasyLog Web+ BRS-800 is related to incorrect code generation control. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary commands...

CVSS 10 · AI score 8.1 · EPSS 0.01115
Exploits 0 · References 4 · Affected Software 2

BDU FSTEC
added 2023/12/20 12:0 a.m. · 5 views

The vulnerability of the DisconnectVPN function in the microprogramming software for TOTOLINK X18 allows a hacker to execute arbitrary commands.

The vulnerability of the DisconnectVPN function in the TOTOLINK X18 router microprogramming system is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely using the pid parameter...

CVSS 10 · AI score 8.1 · EPSS 0.02156
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2023/12/19 12:0 a.m. · 4 views

The vulnerability of the Nagios XI monitoring tool lies in the lack of protection for the website structure when processing input fields $ARG1$ and $ARG2$. This allows attackers to execute arbitrary commands.

The vulnerability of the Nagios XI monitoring tool is related to the lack of measures taken to protect the structure of the web page during the processing of input fields $ARG1$ and $ARG2$. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVSS 8.2 · AI score 5.8
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2023/12/19 12:0 a.m. · 2 views

The vulnerability of the SCALANCE M-800/S615 family of industrial switches lies in the insufficient checking of arguments passed in commands, allowing attackers to execute arbitrary commands.

The vulnerability of the SCALANCE M-800/S615 family of industrial switches lies in insufficient verification of the arguments passed in the commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 8.3 · AI score 7 · EPSS 0.00623
Exploits 0 · References 3 · Affected Software 13

Cvelist
added 2023/12/18 8:8 p.m. · 46 views

CVE-2023-4724 WP All Export (Free < 1.4.0, Pro < 1.8.6) - Admin+ RCE

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...

AI score 7.4 · EPSS 0.01151
Exploits 2 · References 1

Github Security Blog
added 2023/12/15 3:30 p.m. · 33 views

Apache StreamPark: Authenticated system users could trigger remote command execution

In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in...

CVSS 7.2 · AI score 7.2 · EPSS 0.02299
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/12/15 3:30 p.m. · 29 views

GHSA-QG44-XQWJ-WC28 Apache StreamPark: Authenticated system users could trigger remote command execution

In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in...

CVSS 7.2 · AI score 7.1 · EPSS 0.02299
Exploits 0 · References 3

OSV
added 2023/12/15 1:15 p.m. · 24 views

CVE-2023-49898

In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in...

CVSS 7.2 · AI score 7.2
Exploits 0 · References 1

NVD
added 2023/12/15 1:15 p.m. · 23 views

CVE-2023-49898

In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in...

CVSS 7.2 · EPSS 0.02299
Exploits 0 · References 1

Prion
added 2023/12/15 1:15 p.m. · 23 views

Input validation

In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in...

CVSS 5.8 · AI score 7.5 · EPSS 0.02299
Exploits 0 · References 1 · Affected Software 1