15286 matches found

BDU FSTEC
added 2023/04/17 12:0 a.m. · 4 views

The vulnerability of the do_log_on_user() function in the Rocket Software UniData and UniVerse UniRPC database platforms, related to the bypassing of authentication checks, allows attackers to circumvent security restrictions and execute arbitrary commands.

The vulnerability of the do_log_on_user() function in the Rocket Software UniData and UniVerse UniRPC database platforms is related to the bypassing of authentication checks. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions and execute arbitrary commands...

10 CVSS · 8 AI score · 0.62136 EPSS
Exploits 2 · References 2 · Affected Software 2

Rapid7 Blog
added 2023/04/14 6:13 p.m. · 31 views

Metasploit Weekly Wrap-Up

Rocket Software UniRPC Exploits: Ron Bowes submitted two exploit modules for vulnerabilities he discovered in the UniRPC server for Rocket Software’s UniData product. The first exploit module, exploit/linux/misc/unidata_udadmin_auth_bypass, exploits an authentication bypass to ultimately gain remote...

10.7 AI score · 0.62136 EPSS
Exploits 4

Positive Technologies
added 2023/04/14 12:0 a.m. · 3 views

PT-2023-3156 · Totolink · Totolink X18

Name of the Vulnerable Software and Affected Versions: TOTOLINK X18 version V9.1.0cu.2024 B20220329 Description: The issue is related to insufficient argument validation in the UploadFirmwareFile function of the TOTOLINK X18 router's firmware, allowing a remote attacker to execute arbitrary...

10 CVSS · 9.5 AI score · 0.02014 EPSS
Exploits 1 · References 4

ATTACKERKB
added 2023/04/13 12:0 a.m. · 11 views

CVE-2023-20118

A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user...

7.2 CVSS · 7.2 AI score · 0.53827 EPSS
In wild · Exploits 0 · References 2

BDU FSTEC
added 2023/04/13 12:0 a.m. · 6 views

The vulnerability of the web server in the firmware of the Siemens SICAM CP-8031 and CP-8050 processor module controllers allows a hacker to execute arbitrary commands.

The vulnerability of the web server in the firmware of the Siemens SICAM CP-8031 and CP-8050 processor module controllers is related to insufficient checking of the arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary...

10 CVSS · 8.1 AI score · 0.02836 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2023/04/13 12:0 a.m. · 6 views

The vulnerability of the soapcgi.main() function in the D-LINK GO-RT-AC750 router software allows a hacker to execute arbitrary commands.

The vulnerability of the soapcgi.main() function in the D-LINK GO-RT-AC750 router’s firmware is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

5.5 CVSS · 8.1 AI score · 0.0337 EPSS
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2023/04/11 12:0 a.m. · 7 views

Fortinet FortiWeb Operating System Command Injection Vulnerability

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure Web applications and protect sensitive database content. A security vulnerability exists in Fortinet...

7.8 CVSS · 7.7 AI score · 0.00626 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2023/04/11 12:0 a.m. · 6 views

The vulnerability of the Wizard service, a security and management tool for web devices, allows a hacker to execute arbitrary commands.

The vulnerability of the Wizard service, a security and management tool for web devices, Sophos Web Appliance (SWA), is related to the failure to take measures to neutralize special elements during exception handling. Exploiting this vulnerability allows an attacker operating remotely to execute...

8.5 CVSS · 7.4 AI score · 0.01819 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2023/04/11 12:0 a.m. · 4 views

PT-2023-9673 · Fortinet · Forticlient

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientWindows versions prior to 7.0.7 Description: The issue is related to an incorrect permission assignment for a critical resource and a time-of-check time-of-use (TOCTOU) race condition vulnerability. This could allow a remote...

8.1 CVSS · 8.2 AI score · 0.00701 EPSS
Exploits 0 · References 6

Huntr
added 2023/04/10 4:20 p.m. · 29 views

An outdated dependency leads to remote command execution vulnerability

Description: A few days ago, the vm2 module of nodejs found a sandbox escape vulnerability, which was officially fixed in v3.9.15. However, a fixed vm2 version is hard-coded in the package.json (v3.9.11) of the jsreport-core component of jsreport, which makes it impossible to install the latest vm2...

7.5 CVSS · 7 AI score · 0.63186 EPSS
Exploits 2 · References 1

OSV
added 2023/04/10 4:15 p.m. · 5 views

CVE-2023-26986

An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox...

7.8 CVSS · 7.4 AI score · 0.00508 EPSS
Exploits 1 · References 2

Vulnrichment
added 2023/04/10 12:0 a.m. · 9 views

CVE-2023-26986

An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox...

8 AI score · 0.00508 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2023/04/10 12:0 a.m. · 5 views

The vulnerability of the command-line interface of Siemens SCALANCE industrial switches allows a hacker to execute arbitrary commands.

The vulnerability of the command-line interface of Siemens SCALANCE industrial switches exists due to the lack of measures taken to protect the command-line interface. Exploitation of this vulnerability allows a malicious actor to execute arbitrary commands remotely...

9 CVSS · 7.9 AI score · 0.0282 EPSS
Exploits 0 · References 5 · Affected Software 2

BDU FSTEC
added 2023/04/10 12:0 a.m. · 4 views

The vulnerability of the mySCADA myPRO industrial process visualization and control system lies in the lack of measures to neutralize special elements used in the operating system’s commands. This allows attackers to execute arbitrary commands.

The vulnerability of the mySCADA myPRO industrial process visualization and control system exists due to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remote...

9.9 CVSS · 8.2 AI score · 0.2457 EPSS
Exploits 0 · References 4 · Affected Software 1

Vulnrichment
added 2023/04/07 2:54 p.m. · 10 views

CVE-2023-28706 Apache Airflow Hive Provider Beeline Remote Command Execution

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0...

7.4 AI score · 0.02765 EPSS
Exploits 0 · References 3

Cvelist
added 2023/04/07 2:54 p.m. · 14 views

CVE-2023-28706 Apache Airflow Hive Provider Beeline Remote Command Execution

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0...

9.9 AI score · 0.02765 EPSS
Exploits 0 · References 3

Packet Storm
added 2023/04/06 12:0 a.m. · 693 views

Binwalk 2.3.2 Remote Command Execution

Exploit Title: Binwalk v2.3.2 - Remote Command Execution RCE Exploit Author: Etienne Lacoche CVE-ID: CVE-2022-4510 import os import inspect import argparse print"" print"" print"------------------CVE-2022-4510----------------" print"" print"--------Binwalk Remote Command Execution--------"...

7.8 CVSS · 7.6 AI score · 0.21845 EPSS
Exploits 8

Packet Storm
added 2023/04/06 12:0 a.m. · 205 views

WIMAX SWC-5100W Remote Command Execution

Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Date: 4/3/2023 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested...

6.8 AI score
Exploits 0

Tenable Nessus
added 2023/04/06 12:0 a.m. · 23 views

Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Remote Command Execution (cisco-sa-sb-rv01x_rv32x_rce-nzAGWWDD)

According to its self-reported version, the Cisco Small Business Router is affected by a vulnerability. A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary...

7.2 CVSS · 7.6 AI score · 0.00961 EPSS
Exploits 0 · References 4

NVD
added 2023/04/05 6:15 p.m. · 26 views

CVE-2023-20128

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilitie...

7.2 CVSS · 7.4 AI score · 0.30386 EPSS
Exploits 0 · References 1