
15286 matches found

NVD
added 2023/05/08 1:15 a.m. · 14 views

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

9.8 CVSS · 9.8 AI score · 0.02083 EPSS
Exploits: 1 · References: 2

Prion
added 2023/05/08 1:15 a.m. · 17 views

Command injection

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

7.5 CVSS · 9.7 AI score · 0.02083 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/05/08 12:0 a.m. · 9 views

CVE-2021-28999

SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1sortby parameter to modules/News/function.adminarticlestab.php...

9.3 AI score · 0.01332 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2023/05/08 12:0 a.m. · 10 views

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

9.8 AI score · 0.02083 EPSS
Exploits: 1 · References: 2

Cvelist
added 2023/05/08 12:0 a.m. · 23 views

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

9.9 AI score · 0.02083 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2023/05/08 12:0 a.m. · 4 views

PT-2023-22493 · Unknown · Metersphere

Name of the Vulnerable Software and Affected Versions: Metersphere version 1.20.20-lts-79d354a6 Description: The issue allows for Remote Command Execution. An attacker can execute system commands, including reverse-shell, by exploiting the custom code snippet function in the Metersphere system...

9.8 CVSS · 7.5 AI score · 0.02083 EPSS
Exploits: 1 · References: 6

CVE
added 2023/05/08 12:0 a.m. · 115 views

CVE-2023-29944

CVE-2023-29944 affects MeterSphere v1.20.20-lts-79d354a6. The vulnerability is a remote command execution in the custom code snippet function of the system workbench, allowing an attacker to run system commands (e.g., reverse shells). The CVE documents list a high impact with network access, no p...

9.8 CVSS · 9.6 AI score · 0.02083 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

0day.today
added 2023/05/05 12:0 a.m. · 223 views

EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal) Exploit

Exploit Title: EasyPHP Webserver 14.1 - Multiple Vulnerabilities RCE and Path Traversal Discovery by: Rafael Pedrero Discovery Date: 2022-02-06 Vendor Homepage: https://www.easyphp.org/ Software Link : https://www.easyphp.org/ Tested Version: 14.1 Tested on: Windows 7 and 10 Vulnerability Type:...

7.1 AI score
Exploits: 0

Exploit DB
added 2023/05/05 12:0 a.m. · 358 views

EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal)

Exploit Title: EasyPHP Webserver 14.1 - Multiple Vulnerabilities RCE and Path Traversal Discovery by: Rafael Pedrero Discovery Date: 2022-02-06 Vendor Homepage: https://www.easyphp.org/ Software Link : https://www.easyphp.org/ Tested Version: 14.1 Tested on: Windows 7 and 10 Vulnerability Type:...

7.4 AI score
Exploits: 0

BDU FSTEC
added 2023/05/04 12:0 a.m. · 4 views

The vulnerability of the Virtual Delivery Agent (VDA) software, used for virtualizing and delivering Citrix Virtual Apps and Desktops (formerly XenApp and XenDesktop), on Windows operating systems, allows a malicious individual to escalate their privileges and execute arbitrary commands.

The vulnerability of the Virtual Delivery Agent (VDA) software for virtualizing and delivering Citrix Virtual Apps and Desktops (formerly XenApp and XenDesktop) on Windows operating systems is related to deficiencies in access control when using a multi-user mode. Exploiting this vulnerability can...

9 CVSS · 7.9 AI score · 0.0257 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2023/05/03 3:15 p.m. · 22 views

CVE-2023-28742

When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

8.8 CVSS · 7.5 AI score · 0.01474 EPSS
Exploits: 0 · References: 1

Prion
added 2023/05/03 3:15 p.m. · 29 views

Design/Logic Flaw

When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

6.5 CVSS · 8.7 AI score · 0.01474 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/05/03 2:34 p.m. · 60 views

CVE-2023-28742

CVE-2023-28742 describes an authenticated remote command execution vulnerability in the BIG-IP DNS iQuery mesh when DNS is provisioned. The issue allows an attacker with network access to the DNS iQuery mesh (via the BIG-IP management port and/or self IPs) to execute arbitrary system commands thr...

8.8 CVSS · 7.9 AI score · 0.01474 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/05/03 2:34 p.m. · 19 views

CVE-2023-28742 BIG-IP iQuery mesh vulnerability

When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

7.2 CVSS · 9 AI score · 0.01474 EPSS
Exploits: 0 · References: 1

F5 Networks
added 2023/05/03 12:10 p.m. · 24 views

K000132972: BIG-IP iQuery mesh vulnerability CVE-2023-28742

Security Advisory Description When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. CVE-2023-28742 Impact This vulnerability may allow an authenticated attacker with network access to the DNS iQuery mesh through the BIG-IP management port and/...

8.8 CVSS · 8.9 AI score · 0.01474 EPSS
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2023/05/03 12:0 a.m. · 3 views

PT-2023-21932 · Unknown · Dns Iquery Mesh

Name of the Vulnerable Software and Affected Versions: DNS iQuery mesh affected versions not specified Description: A remote command execution issue exists when DNS is provisioned, allowing authenticated attackers to execute commands. The issue is related to the DNS iQuery mesh. Recommendations: ...

8.8 CVSS · 8.6 AI score · 0.01474 EPSS
Exploits: 0 · References: 4

BDU FSTEC
added 2023/05/03 12:0 a.m. · 4 views

The vulnerability of the zhttpd component in the libclinkc.so library of the ZyXEL DX5401-B0 router’s software allows a malicious actor to execute certain operating system commands remotely.

The vulnerability of the zhttpd component in the libclinkc.so library of the ZyXEL DX5401-B0 router microprogramming system is related to the possibility of buffer overflow in memory. Exploiting this vulnerability could allow a remote attacker to execute certain commands on the operating system...

9.6 CVSS · 8.3 AI score · 0.0542 EPSS
Exploits: 1 · References: 3

ATTACKERKB
added 2023/05/02 8:15 p.m. · 2 views

CVE-2023-30944

The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database...

7.3 CVSS · 6 AI score · 0.01142 EPSS
Exploits: 0 · References: 10

BDU FSTEC
added 2023/05/02 12:0 a.m. · 3 views

The vulnerability of the command-line interface (CLI) of Cisco Aironet Access Point software allows an attacker to execute arbitrary commands or cause service interruptions.

The vulnerability of the command-line interface (CLI) of Cisco Aironet Access Point microprogramming software exists because measures to neutralize the special elements used in the operating system command are not taken. Exploiting this vulnerability can allow an attacker to execute arbitrary...

6.5 CVSS · 6.3 AI score · 0.00257 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2023/05/02 12:0 a.m. · 5 views

The vulnerability of the warn-proceed handler component of the Sophos Web Appliance (SWA) security and management device allows a perpetrator to execute arbitrary commands.

The vulnerability of the warn-proceed handler component of the Sophos Web Appliance (SWA) security and management device for web devices is related to the lack of measures to sanitize input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...

10 CVSS · 8.3 AI score · 0.99999 EPSS
Exploits: 10 · References: 6 · Affected Software: 1