15286 matches found

Prion
added 2023/05/31 8:15 p.m. · 18 views

Command injection

D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface...

7.5 CVSS · 9.6 AI score · 0.32561 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2023/05/31 12:0 a.m. · 12 views

CVE-2023-33735

D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface...

7.9 AI score · 0.32561 EPSS
Exploits 1 · References 2

CVE
added 2023/05/31 12:0 a.m. · 145 views

CVE-2023-33735

CVE-2023-33735 affects D-Link DIR-846 v1.00A52. The vulnerability is a remote command execution via the tomography_ping_address parameter on the /HNAP1 interface, attributed to the HNAP1 handling in the device firmware. Impact is described as total (high confidentiality, integrity, and availabili...

9.8 CVSS · 9.6 AI score · 0.32561 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2023/05/31 12:0 a.m. · 24 views

CVE-2023-33735

D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface...

9.9 AI score · 0.32561 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2023/05/31 12:0 a.m. · 4 views

A vulnerability in the /bin/boa component of the firmware of D-Link DIR-619L and DIR-605L routers allows an attacker to execute arbitrary commands.

The vulnerability in the /bin/boa firmware component of D-Link DIR-619L and DIR-605L routers stems from a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

9 CVSS · 8 AI score · 0.07396 EPSS
Exploits 1 · References 2 · Affected Software 2

BDU FSTEC
added 2023/05/31 12:0 a.m. · 6 views

A vulnerability in the ping.cgi script in the embedded software of the NETGEAR DGN2200 router allows an attacker to execute arbitrary commands and gain full control over the device.

The vulnerability in the ping.cgi script in NETGEAR DGN2200 router software exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands on th...

10 CVSS · 8.1 AI score · 0.72199 EPSS
Exploits 11 · References 9 · Affected Software 1

ATTACKERKB
added 2023/05/30 2:15 a.m. · 1 views

CVE-2023-27988

The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21AAZF.13C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely...

7.2 CVSS · 7.1 AI score · 0.01415 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/05/29 12:0 a.m. · 44 views

CVE-2022-24630

AudioCodes Device Manager Express (versions up to 7.8.20002.47752) contains a vulnerability in BrowseFiles.php where a POST request with cmd=ssh and an ssh_command field is executed, enabling remote code execution. This affects the vulnerable command handling path and can lead to RCE. Public expl...

7.2 CVSS · 8.1 AI score · 0.23895 EPSS
Exploits 4 · References 1 · Affected Software 1

CNNVD
added 2023/05/26 12:0 a.m. · 3 views

XXL-Job Security Vulnerability

XXL-JOB is a distributed task scheduling platform based on the Java language from the Xu Xueli XXL-JOB community. A security vulnerability exists in XXL-Job version v2.4.1 that originates from allowing a user to execute arbitrary commands on another user's account by using a crafted POST request ...

8.8 CVSS · 8.4 AI score · 0.01128 EPSS
Exploits 1 · References 4

GithubExploit
added 2023/05/25 7:50 p.m. · 358 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

Exploit for RCE in Spring Cloud CVE 2022-22963 Exploit for...

9.8 CVSS · 9.8 AI score · 0.99939 EPSS
Exploits 36

Positive Technologies
added 2023/05/25 12:0 a.m. · 6 views

PT-2023-3100 · D Link · D-Link Dir-842

Name of the Vulnerable Software and Affected Versions: D-Link DIR-842V2 version 1.0.3 Description: The issue allows attackers to execute arbitrary commands via importing a crafted file. This is related to the lack of data cleaning measures at the management level, which can be exploited by a remo...

9 CVSS · 7.9 AI score · 0.36026 EPSS
Exploits 2 · References 9

VulnCheck KEV
added 2023/05/25 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2023-28771

Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device...

9.8 CVSS · 7.5 AI score · 0.99284 EPSS
Exploits 8 · References 1

Exploit DB
added 2023/05/25 12:0 a.m. · 352 views

Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)

Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit) Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...

9.8 CVSS · 9.3 AI score · 0.12453 EPSS
Exploits 4

OSV
added 2023/05/24 3:15 p.m. · 32 views

CVE-2023-33246

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by...

9.8 CVSS · 9.8 AI score · 0.96604 EPSS
Exploits 11 · References 7

NVD
added 2023/05/24 3:15 p.m. · 28 views

CVE-2023-33246

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by...

9.8 CVSS · 9.8 AI score · 0.96604 EPSS
Exploits 11 · References 7

Prion
added 2023/05/24 3:15 p.m. · 23 views

Design/Logic Flaw

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by...

7.5 CVSS · 9.6 AI score · 0.96604 EPSS
Exploits 11 · References 3 · Affected Software 1

CVE
added 2023/05/24 2:45 p.m. · 434 views

CVE-2023-33246

CVE-2023-33246 affects Apache RocketMQ 5.1.0 and earlier. The vulnerability arises from leakage of NameServer, Broker, and Controller on the extranet with insufficient permission verification, allowing an attacker to trigger remote code execution by using the update configuration function or by f...

9.8 CVSS · 9.9 AI score · 0.96604 EPSS
In wild · Exploits 11 · References 7 · Affected Software 1

CNNVD
added 2023/05/24 12:0 a.m. · 3 views

Barracuda Email Security Gateway Command Injection Vulnerability

Barracuda Email Security Gateway is an email security gateway from Barracuda that manages and filters all inbound and outbound email traffic to protect organizations from email threats and data breaches. A security vulnerability exists in Barracuda Email Security Gateway versions 5.1.3.001 throug...

9.8 CVSS · 8.6 AI score · 0.86956 EPSS
Exploits 3 · References 3

ATTACKERKB
added 2023/05/24 12:0 a.m. · 40 views

CVE-2023-33246

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by...

9.8 CVSS · 9.9 AI score · 0.96604 EPSS
In wild · Exploits 11 · References 7

Packet Storm
added 2023/05/24 12:0 a.m. · 310 views

Roxy WI 6.1.0.0 Remote Command Execution

Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocessexecute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...

10 CVSS · 7.1 AI score · 0.90387 EPSS
Exploits 15