
15286 matches found

Vulnrichment
added 2023/04/28 3:54 p.m. · 7 views

CVE-2023-30856 eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution

eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The projec...

8.3 CVSS · 9.6 AI score · 0.00348 EPSS
Exploits 1 · References 3

Packet Storm
added 2023/04/28 12:0 a.m. · 319 views

Aigital Wireless-N Repeater Mini_Router.0.131229 Remote Command Execution

Exploit Title: Aigital Wireless-N Repeater - Command Injection Exploit Author: Matteo Mandolini Date : 13/04/2023 Vendor Homepage: https://web.archive.org/web/20220625053314/https://www.aigital.com/ Version: MiniRouter.0.131229 Command Injection POST /boafrm/formSysCmd HTTP/1.1 Host: 192.168.10.2...

6.9 AI score
Exploits 0

Positive Technologies
added 2023/04/27 12:0 a.m. · 4 views

PT-2023-17677 · Microsoft +1 · Msmq +1

Name of the Vulnerable Software and Affected Versions: aEnrich Technology a+HRD affected versions not specified Description: The issue is related to Deserialization of Untrusted Data within the MSMQ interpreter. An unauthenticated remote attacker can exploit this to execute arbitrary system...

9.8 CVSS · 9.5 AI score · 0.00986 EPSS
Exploits 0 · References 4

CNNVD
added 2023/04/27 12:0 a.m. · 5 views

Zyxel DX5401-B0 security vulnerability

The Zyxel DX5401-B0 is a wireless enhancement device from China's Hopkins Zyxel. A security vulnerability exists in the Zyxel DX5401-B0 V5.17ABYO.1C0 firmware version, which originates from a buffer overflow in the zhttpd library libclinkc.so. An attacker can exploit this vulnerability to execute...

9.8 CVSS · 8.9 AI score · 0.0542 EPSS
Exploits 1 · References 2

NVD
added 2023/04/25 2:15 a.m. · 28 views

CVE-2023-28771

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to...

9.8 CVSS · 9.9 AI score · 0.99284 EPSS
Exploits 8 · References 3

Vulnrichment
added 2023/04/25 12:0 a.m. · 15 views

CVE-2023-28771

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to...

9.8 CVSS · 9.8 AI score · 0.99284 EPSS
Exploits 8 · References 2

OSV
added 2023/04/24 6:15 p.m. · 4 views

CVE-2023-27991

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series...

8.8 CVSS · 7.6 AI score · 0.01508 EPSS
Exploits 0 · References 1

OSV
added 2023/04/24 2:15 p.m. · 5 views

CVE-2023-1731

In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow a remote authenticated attacker with high privileges to execute arbitrary commands...

7.2 CVSS · 7.3 AI score · 0.0097 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/04/24 12:0 a.m. · 10 views

CVE-2023-22914

A path traversal vulnerability in the “accountprint.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS command...

7.2 CVSS · 7 AI score · 0.01033 EPSS
Exploits 0 · References 1

CNNVD
added 2023/04/24 12:0 a.m. · 3 views

Meinberg Funkuhren LTOS code issue vulnerability

Meinberg Funkuhren LTOS is a tape data storage technology from Meinberg Funkuhren, Germany. A code issue vulnerability exists in Meinberg Funkuhren LTOS versions prior to V7.06.013, which stems from the file upload function of the LTOS web interface failing to properly validate input. A remote...

7.2 CVSS · 7.5 AI score · 0.0097 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/04/24 12:0 a.m. · 3 views

PT-2023-2841

Name of the Vulnerable Software and Affected Versions Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73 Zyxel VPN series firmware versions 4.60 through 5.35 Zyxel USG FLEX series firmware versions 4.60 through 5.35 Zyxel ATP series firmware versions 4.60 through 5.35 Description The iss...

10 CVSS · 9.1 AI score · 0.99284 EPSS
Exploits 8 · References 73

CNNVD
added 2023/04/24 12:0 a.m. · 4 views

PowerPanel Business security vulnerability

Cyber Power Systems CyberPower PowerPanel Business Edition is a suite of power management software from Cyber Power Systems, USA. The software automates the shutdown of physical and virtual infrastructures and monitors and manages CyberPower UPS systems and network-connected PDUs Power Distributi...

9.8 CVSS · 8.5 AI score · 0.00968 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/04/24 12:0 a.m. · 3 views

PT-2023-19933 · Apple +2 · Apple Macos +3

Name of the Vulnerable Software and Affected Versions: PowerPanel Business Local/Remote for Windows versions 4.8.6 and earlier PowerPanel Business Management for Windows versions 4.8.6 and earlier PowerPanel Business Local/Remote for Linux 32bit versions 4.8.6 and earlier PowerPanel Business...

9.8 CVSS · 9.4 AI score · 0.01034 EPSS
Exploits 0 · References 8

Positive Technologies
added 2023/04/24 12:0 a.m. · 2 views

PT-2023-19932 · Cyberpower · Powerpanel Business Management +1

Name of the Vulnerable Software and Affected Versions: PowerPanel Business Local/Remote for Windows versions 4.8.6 and earlier PowerPanel Business Management for Windows versions 4.8.6 and earlier PowerPanel Business Local/Remote for Linux 32bit versions 4.8.6 and earlier PowerPanel Business...

9.8 CVSS · 9.4 AI score · 0.01118 EPSS
Exploits 0 · References 8

Positive Technologies
added 2023/04/24 12:0 a.m. · 4 views

PT-2023-17197 · Meinberg · Meinbergs Ltos

Name of the Vulnerable Software and Affected Versions: Meinbergs LTOS versions prior to V7.06.013 Description: The configuration file upload function in Meinbergs LTOS does not correctly validate input, allowing a remote authenticated attacker with high privileges to execute arbitrary commands...

7.2 CVSS · 7.1 AI score · 0.0097 EPSS
Exploits 0 · References 4

Packet Storm
added 2023/04/20 12:0 a.m. · 346 views

FUXA 1.1.13-1186 Remote Code Execution

Exploit Title: FUXA V.1.1.13-1186- Unauthenticated Remote Code Execution RCE Date: 18/04/2023 Exploit Author: Rodolfo Mariano Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA V.1.1.13-1186 current from argparse import RawTextHelpFormatter import argparse, sys, threading, requests...

6.8 AI score
Exploits 0

BDU FSTEC
added 2023/04/20 12:0 a.m. · 5 views

The vulnerability in the web interface of the Cisco Industrial Network Director software package allows a hacker to execute arbitrary commands.

The vulnerability of the Cisco Industrial Network Director software’s web interface exists due to the lack of measures taken to neutralize special elements used in the operating system command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10 CVSS · 6.3 AI score · 0.1272 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2023/04/19 12:0 a.m. · 6 views

The vulnerability of the Linux kernel’s Bluetooth permission checking subsystem allows a perpetrator to execute arbitrary commands.

The vulnerability of the Linux operating system’s Bluetooth permission checking subsystem is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted requests remotely...

6.8 CVSS · 6.7 AI score · 0.0147 EPSS
Exploits 2 · References 46 · Affected Software 6

VulnCheck KEV
added 2023/04/18 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2020-8949

Gocloud S2AWL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the...

9 CVSS · 7.6 AI score · 0.02829 EPSS
Exploits 1 · References 1

Packet Storm
added 2023/04/18 12:0 a.m. · 507 views

SPIP Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP form PHP Injection', 'Description' = %q This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter a...

9.8 CVSS · 9.4 AI score · 0.99637 EPSS
Exploits 23