15286 matches found

VulnCheck KEV
added 2023/06/22 12:0 a.m. · 8 views

VulnCheck KEV: CVE-2022-45699

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter...

9.8 CVSS · 7.6 AI score · 0.76604 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2023/06/21 12:0 a.m. · 6 views

PT-2023-9236 · Nexgen · Nextgen Mirth Connect

Name of the Vulnerable Software and Affected Versions: NextGen Mirth Connect version 4.3.0 Description: A remote command execution issue allows attackers to execute arbitrary commands on the hosting server. The vulnerability is related to the XStreamSerializer class and is due to a lack of data...

9.8 CVSS · 7.8 AI score · 0.97106 EPSS
Exploits: 22 · References: 24
GithubExploit
added 2023/06/20 11:45 a.m. · 347 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell Spring4Shell CVE-2022-22965 Proof Of Concept wi...

9.8 CVSS · 8.9 AI score · 0.99677 EPSS
Exploits: 100
GithubExploit
added 2023/06/20 11:45 a.m. · 180 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell Spring4Shell CVE-2022-22965 Proof Of Concept wi...

9.8 CVSS · 8.9 AI score · 0.99677 EPSS
Exploits: 100
BDU FSTEC
added 2023/06/20 12:0 a.m. · 5 views

The vulnerability of the setTracerouteCfg function in the TOTOLINK X18 router firmware allows a hacker to execute arbitrary commands.

The vulnerability of the setTracerouteCfg function in TOTOLINK X18 router firmware is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10 CVSS · 8.1 AI score · 0.02014 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2023/06/19 12:15 p.m. · 3 views

CVE-2023-27992

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21AAZF.14C0, NAS540 firmware versions prior to V5.21AATB.11C0, and NAS542 firmware versions prior to V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS...

9.8 CVSS · 6 AI score · 0.84195 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2023/06/19 11:42 a.m. · 16 views

CVE-2023-27992

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21AAZF.14C0, NAS540 firmware versions prior to V5.21AATB.11C0, and NAS542 firmware versions prior to V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS...

9.8 CVSS · 8.2 AI score · 0.84195 EPSS
Exploits: 0 · References: 1
Rapid7 Blog
added 2023/06/16 8:40 p.m. · 64 views

Metasploit Weekly Wrap-Up

Metasploit T-Shirt Design Contest In honor of Metasploit's 20th anniversary, Rapid7 is launching special edition t-shirts - and we're inviting members of our community to have a hand in its creation. The contest winner will have their design featured on the shirts, which will then be available to...

10 CVSS · 9.6 AI score · 0.99811 EPSS
Exploits: 40
Japan Vulnerability Notes
added 2023/06/16 5:5 a.m. · 11 views

Multiple vulnerabilities in Panasonic AiSEG2

Overview Panasonic AiSEG2 contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-28726 Improper Authentication CWE-287 - CVE-2023-28727 Taku Toyama of NEC Corporation reported CVE-2023-28726 and CVE-2023-28727 vulnerabilities to Panasonic and coordinated. Panasonic...

9.6 CVSS · 7.9 AI score · 0.00811 EPSS
Exploits: 0 · References: 9
Positive Technologies
added 2023/06/16 12:0 a.m. · 3 views

PT-2023-24001 · L7 Networks · L7 Networks Instantqos Iq-8000 +1

Name of the Vulnerable Software and Affected Versions: L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000 affected versions not specified Description: The file uploading function in the affected devices does not properly restrict the upload of files with dangerous types. This allows an...

9.8 CVSS · 9.6 AI score · 0.00942 EPSS
Exploits: 0 · References: 2
BDU FSTEC
added 2023/06/16 12:0 a.m. · 5 views

The vulnerability of the D-Link DIR-842V2 router's firmware, related to the lack of measures taken to clean data at the control level, allows attackers to execute arbitrary commands.

The vulnerability of the D-Link DIR-842V2 router firmware is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by importing a specially created binary file...

9 CVSS · 8 AI score · 0.36026 EPSS
Exploits: 2 · References: 4 · Affected Software: 1
BDU FSTEC
added 2023/06/16 12:0 a.m. · 5 views

The vulnerability of the cable gateway Hitron CODA-5310 arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows a hacker to execute arbitrary commands.

The vulnerability of the Hitron CODA-5310 cable gateway exists due to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

8.3 CVSS · 7.4 AI score · 0.01281 EPSS
Exploits: 0 · References: 3
BDU FSTEC
added 2023/06/16 12:0 a.m. · 6 views

The vulnerability of the WlanNetworkRpm component (/userRpm/WlanNetworkRpm.htm) in the software of TP-Link routers such as TL-WR940N, TL-WR740N, and TL-WR841N allows a hacker to execute arbitrary commands or cause service failures.

The vulnerability of the WlanNetworkRpm component /userRpm/WlanNetworkRpm.htm of TP-Link routers such as TL-WR940N, TL-WR740N, and TL-WR841N is related to the failure to eliminate special elements used in the operating system’s processing of the ssid1 parameter. Exploiting this vulnerability allo...

8.6 CVSS · 8.3 AI score · 0.41874 EPSS
Exploits: 3 · References: 3
BDU FSTEC
added 2023/06/16 12:0 a.m. · 5 views

The vulnerability of the iperf3 component of the D-Link DIR-842V2 router's firmware allows a hacker to execute arbitrary commands.

The vulnerability of the iperf3 component of the D-Link DIR-842V2 router firmware is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9 CVSS · 8 AI score · 0.42868 EPSS
Exploits: 2 · References: 5 · Affected Software: 1
Metasploit
added 2023/06/15 7:49 p.m. · 180 views

RPyC 4.1.0 through 4.1.1 Remote Command Execution

This module allows remote command execution on RPyC versions 4.1.0 and 4.1.1. You will be able to execute a specified command on the target machine as the user running the RPyC service and view the output. Module Options msf use auxiliary/scanner/http/rpycrce msf auxiliaryrpycrce show actions...

7.5 CVSS · 7.5 AI score · 0.13049 EPSS
Exploits: 2
Cvelist
added 2023/06/15 2:57 a.m. · 15 views

CVE-2022-32752 IBM Security Directory Suite VA command execution

IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439...

7.2 CVSS · 8.6 AI score · 0.01361 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2023/06/15 12:0 a.m. · 6 views

PT-2023-13190 · Ibm · Ibm Security Directory Suite Va

Name of the Vulnerable Software and Affected Versions: IBM Security Directory Suite VA versions 8.0.1 through 8.0.1.19 Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Recommendations: For IBM Securit...

8.8 CVSS · 8.7 AI score · 0.01361 EPSS
Exploits: 0 · References: 6
Metasploit
added 2023/06/14 7:50 p.m. · 296 views

Symmetricom SyncServer Unauthenticated Remote Command Execution

This module exploits an unauthenticated command injection vulnerability in /controller/ping.php. The S100 through S350 End of Life models should be vulnerable to unauthenticated exploitation due to a session handling vulnerability. Later models require authentication which is not provided in this...

9.8 CVSS · 7.8 AI score · 0.92472 EPSS
Exploits: 3
CNVD
added 2023/06/14 12:0 a.m. · 14 views

Changjitong T+ Remote Command Execution Vulnerability

T+ is a new Internet-based business management software. A remote command execution vulnerability exists in T+, which can be exploited by an attacker to execute arbitrary commands on the target server...

7.8 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2023/06/14 12:0 a.m. · 5 views

PT-2023-3645 · D Link · D-Link Dsl-G256Dg +1

Name of the Vulnerable Software and Affected Versions: D-Link DSL-224 version 3.0.10 D-Link DSL-G256DG affected versions not specified Description: The issue is related to a command execution vulnerability that can be exploited after authentication. It is associated with deficiencies in the...

9 CVSS · 8 AI score · 0.01626 EPSS
Exploits: 0 · References: 5