15286 matches found

BDU FSTEC
added 2023/05/24 12:0 a.m. · 6 views

The vulnerability of the NTPSyncWithHost function in D-Link DIR-816 A2 router firmware allows a hacker to execute arbitrary commands.

The vulnerability of the NTPSyncWithHost function in D-Link DIR-816 A2 router firmware exists due to the failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...

CVSS 10 · AI score 8.1 · EPSS 0.04143
Exploits 1 · References 2

BDU FSTEC
added 2023/05/24 12:0 a.m. · 5 views

The vulnerability of the SolarWinds Orion Platform’s network monitoring software, related to improper code generation management, allows an intruder to execute arbitrary commands.

The vulnerability of the SolarWinds Orion Platform’s network monitoring software lies in improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 · AI score 7.7 · EPSS 0.0839
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2023/05/24 12:0 a.m. · 4 views

The vulnerability of the beh component (Backend Error Handler) of the cups-filters printing package allows a hacker to execute arbitrary commands on the printing server.

The vulnerability of the beh component (Backend Error Handler) of the cups-filters printing package exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the...

CVSS 10 · AI score 7.8 · EPSS 0.03697
Exploits 1 · References 13 · Affected Software 7

Positive Technologies
added 2023/05/23 12:0 a.m. · 2 views

PT-2023-5402 · Apache · Apache Rocketmq

Name of the Vulnerable Software and Affected Versions:
Apache RocketMQ versions 5.1.0 and below
Apache RocketMQ versions prior to 4.9.6

Description: The vulnerability is related to a permission verification issue in Apache RocketMQ, allowing attackers to perform remote command execution under...

CVSS 10 · AI score 10 · EPSS 0.96604
Exploits 11 · References 149

Positive Technologies
added 2023/05/22 12:0 a.m. · 5 views

PT-2023-2983 · D Link · D-Link Dir-846

Name of the Vulnerable Software and Affected Versions: D-Link DIR-846 version 1.00A52

Description: The issue is related to the implementation of the HNAP1 protocol in the D-Link DIR-846 router's firmware, specifically concerning the handling of the tomography ping address parameter. This can be...

CVSS 9.8 · AI score 7.7 · EPSS 0.32561
Exploits 1 · References 7

BDU FSTEC
added 2023/05/19 12:0 a.m. · 7 views

The vulnerability of the application programming interface of the Cisco DNA Center allows an attacker to execute arbitrary commands with root privileges.

The vulnerability of the application programming interface of the Cisco DNA Center relates to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with root privileges using a specially created API...

CVSS 5.5 · AI score 8.1 · EPSS 0.00624
Exploits 0 · References 3 · Affected Software 1

VulnCheck KEV
added 2023/05/18 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2023-2868

Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection...

CVSS 9.8 · AI score 7.4 · EPSS 0.86956
Exploits 3 · References 1

BDU FSTEC
added 2023/05/17 12:0 a.m. · 7 views

The vulnerability of the administrator consoles of the firmware for D-Link DCH-M225 wireless signal amplifiers allows an intruder to execute arbitrary commands.

The vulnerability of the administrator consoles of the firmware for D-Link DCH-M225 wireless signal amplifiers is related to the lack of measures to neutralize special elements used in operating system commands when handling the “media renderer” parameter in the...

CVSS 9 · AI score 7.5 · EPSS 0.0229
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2023/05/17 12:0 a.m. · 5 views

The vulnerability of the SetQoSSettings.php script in D-Link DIR-822 router software allows a hacker to execute arbitrary commands.

The vulnerability of the SetQoSSettings.php script in D-Link DIR-822 router firmware is related to insufficient checking of regular expressions during the processing of the uplink parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 · AI score 8.1 · EPSS 0.05543
Exploits 1 · References 2 · Affected Software 1

BDU FSTEC
added 2023/05/17 12:0 a.m. · 5 views

The vulnerability in the spotifyConnect.php script of D-Link’s wireless signal amplifiers allows a hacker to execute arbitrary commands.

The vulnerability in the spotifyConnect.php script of the D-Link DCH-M225 wireless signal amplifier firmware is related to the failure to neutralize special elements used in operating system commands when processing the userName parameter. Exploiting this vulnerability allows a remote attacker to execute...

CVSS 10 · AI score 8.2 · EPSS 0.02811
Exploits 1 · References 3 · Affected Software 1

OSV
added 2023/05/16 7:15 p.m. · 2 views

CVE-2023-30501

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as root on the...

CVSS 8.8 · AI score 7.6 · EPSS 0.01037
Exploits 0 · References 1

Positive Technologies
added 2023/05/16 12:0 a.m. · 4 views

PT-2023-8296 · Aruba · Aruba Edgeconnect Enterprise

Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise (affected versions not specified)

Description: The issue exists due to the lack of neutralization of special elements used in the operating system command. This allows a remote attacker to execute arbitrary commands...

CVSS 9 · AI score 8.8 · EPSS 0.0108
Exploits 0 · References 5

Positive Technologies
added 2023/05/16 12:0 a.m. · 4 views

PT-2023-8735 · Aruba · Aruba Edgeconnect Enterprise

Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise (affected versions not specified)

Description: The issue exists due to the lack of neutralization of special elements used in the operating system command. This allows remote authenticated users to run arbitrary...

CVSS 10 · AI score 8.5 · EPSS 0.01037
Exploits 0 · References 9

Huntr
added 2023/05/11 3:19 p.m. · 9 views

Lack of security consideration leads to multiple critical weaknesses

Introduction

This report serves more as a suggestion to improve security, rather than fixing any single "vulnerability". I've given examples to demonstrate the impact that neglecting security may have, but these are not the root cause of the issue. Due to the nature of a package, being able to...

AI score 8
Exploits 0 · References 2

Positive Technologies
added 2023/05/11 12:0 a.m. · 5 views

PT-2023-2994 · Vmware · Vmware Aria Operations

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations (affected versions not specified)

Description: The issue is related to a deserialization vulnerability in VMware Aria Operations. A malicious actor with administrative privileges can exploit this vulnerability to execute...

CVSS 7.2 · AI score 7.2 · EPSS 0.01001
Exploits 0 · References 7

BDU FSTEC
added 2023/05/10 12:0 a.m. · 5 views

The vulnerability in the web administration interface of the FileZen file-sharing server allows a hacker to execute arbitrary commands.

The vulnerability in the FileZen file-sharing server’s administrative web interface relates to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 · AI score 7.6 · EPSS 0.0397
Exploits 1 · References 5 · Affected Software 1

Vulnrichment
added 2023/05/08 2:8 p.m. · 9 views

CVE-2023-22790 Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVSS 7.2 · AI score 8 · EPSS 0.01704
Exploits 0 · References 1

Cvelist
added 2023/05/08 2:8 p.m. · 20 views

CVE-2023-22790 Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVSS 7.2 · AI score 9.3 · EPSS 0.01704
Exploits 0 · References 1

Cvelist
added 2023/05/08 2:8 p.m. · 17 views

CVE-2023-22789 Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVSS 7.2 · AI score 9.3 · EPSS 0.01664
Exploits 0 · References 1

Cvelist
added 2023/05/08 2:8 p.m. · 29 views

CVE-2023-22788 Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVSS 7.2 · AI score 9.3 · EPSS 0.01704
Exploits 0 · References 1