
15287 matches found

Vulnrichment
added 2023/03/29 4:2 a.m. · 8 views

CVE-2023-23355 QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR

An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following...

CVSS 6.6 · AI score 7.6 · EPSS 0.01226
Exploits 0 · References 1

CNNVD
added 2023/03/29 12:0 a.m. · 5 views

Xiaomi router access control error vulnerability

Xiaomi router is a series of wireless routers from Chinese company Xiaomi. A security vulnerability exists in firmware version 2020 of the Xiaomi router. It stems from the lack of access control policies on some API interfaces, which could lead to Wi-Fi password leakage and allow attackers to...

CVSS 7.5 · AI score 7.4 · EPSS 0.01031
Exploits 0 · References 2

0day.today
added 2023/03/29 12:0 a.m. · 383 views

Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution Exploit

Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution RCE Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Windows XP SP3, Windows...

AI score 7.1
Exploits 0

Exploit DB
added 2023/03/29 12:0 a.m. · 292 views

Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution (RCE)

Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution RCE Date: 11/08/2022 Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Window...

AI score 7
Exploits 0

CNNVD
added 2023/03/28 12:0 a.m. · 4 views

DataEase injection vulnerability

DataEase is an open source data visualization and analysis tool, used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. An injection vulnerability exists in DataEase version 1.18.4 and earlier versions. An attacker...

CVSS 8.8 · AI score 8.1 · EPSS 0.0132
Exploits 1 · References 2

Positive Technologies
added 2023/03/28 12:0 a.m. · 6 views

PT-2023-8672 · Unknown · Osprey Pump Controller

Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01 Description: The issue is related to the lack of verification for HTTP requests, which may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious...

CVSS 8 · AI score 7.9 · EPSS 0.00254
Exploits 1 · References 4

0day.today
added 2023/03/28 12:0 a.m. · 241 views

Hashicorp Consul v1.0 - Remote Command Execution Exploit

Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit to gain a reverse shell on Remote Command Execution via API References: https://www.consul.io/api/agent/service.html Tested on:...

AI score 7.4
Exploits 0

Packet Storm
added 2023/03/28 12:0 a.m. · 245 views

SolarWinds Information Service (SWIS) Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/amqp/version091' class MetasploitModule 'SolarWinds Information Service SWIS .NET Deserialization From AMQP RCE', 'Description' = %q The SolarWinds...

CVSS 7.2 · AI score 7.2 · EPSS 0.69546
Exploits 3

BDU FSTEC
added 2023/03/28 12:0 a.m. · 5 views

A vulnerability in the crypt_64bit_up/down() function in the Telnet service of the Netgear Orbi RBR750 router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the crypt_64bit_up/down() function in the Telnet service of the Netgear Orbi RBR750 router firmware is related to the presence of hidden functionality when using the Blowfish cryptographic algorithm. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVSS 9 · AI score 8 · EPSS 0.02089
Exploits 1 · References 3 · Affected Software 1

BDU FSTEC
added 2023/03/28 12:0 a.m. · 3 views

A vulnerability in the TP-Link MR3020 router firmware, related to the lack of measures taken to sanitize data at the control level, allows attackers to execute arbitrary commands.

The vulnerability in the TP-Link MR3020 router firmware is related to the lack of measures taken to sanitize data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending a specially crafted TFTP request to the destination...

CVSS 10 · AI score 8.2 · EPSS 0.0249
Exploits 1 · References 2

Packet Storm
added 2023/03/28 12:0 a.m. · 264 views

Hashicorp Consul 1.0 Remote Command Execution

Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Date: 26/10/2022 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit to gain a reverse shell on Remote Command Execution via API References:...

AI score 6.8
Exploits 0

Exploit DB
added 2023/03/28 12:0 a.m. · 163 views

Hashicorp Consul v1.0 - Remote Command Execution (RCE)

Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Date: 26/10/2022 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit to gain a reverse shell on Remote Command Execution via API References:...

AI score 7
Exploits 0

Packet Storm
added 2023/03/27 12:0 a.m. · 171 views

Webgrind 1.1 Cross Site Scripting / Remote Code Execution

Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting XSS & Remote Command Execution RCE Discovery by: Rafael Pedrero Discovery Date: 2022-02-13 Vendor Homepage: http://github.com/jokkedk/webgrind/ Software Link : http://github.com/jokkedk/webgrind/ Tested Version: 1.1 Tested on: Windows 1...

AI score 6.8
Exploits 0

0day.today
added 2023/03/27 12:0 a.m. · 183 views

Human Resources Management System v1.0 - Multiple SQL injection Vulnerability

Exploit Title: Human Resources Management System v1.0 - Multiple SQLi Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software...

AI score 7.4
Exploits 0

0day.today
added 2023/03/27 12:0 a.m. · 171 views

WebTareas 2.4 - Remote Command Execution (Authorized) Vulnerability

Exploit Title: WebTareas 2.4 - RCE Authorized Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Tested on: Windows 10 using XAMPP, Apache/2.4.4...

AI score 6.8
Exploits 0

0day.today
added 2023/03/27 12:0 a.m. · 156 views

Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution Vulnerability

Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting XSS & Remote Command Execution RCE Discovery by: Rafael Pedrero Vendor Homepage: http://github.com/jokkedk/webgrind/ Software Link : http://github.com/jokkedk/webgrind/ Tested Version: 1.1 Tested on: Windows 10 using XAMPP Vulnerability...

AI score 6.8
Exploits 0

Positive Technologies
added 2023/03/25 12:0 a.m. · 6 views

PT-2023-7473 · Ubiquiti · Ubiquiti Edgerouter X

Name of the Vulnerable Software and Affected Versions: Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 Description: The issue exists due to insufficient input validation in the NAT Configuration Handler component of the Ubiquiti EdgeRouter's firmware, potentially allowing a remote attacker to execut...

CVSS 10 · AI score 8.2 · EPSS 0.01888
Exploits 0 · References 10

Packet Storm
added 2023/03/24 12:0 a.m. · 281 views

Bitbucket 7.0.0 Remote Command Execution

Exploit Title: Bitbucket v7.0.0 - RCE Date: 09-23-2022 Exploit Author: khal4n1 Vendor Homepage: https://github.com/khal4n1 Tested on: Kali and ubuntu LTS 22.04 CVE : cve-2022-36804 The following exploit is used to exploit a vulnerability present in Atlassian Bitbucket Server and Data Center 7.0.0...

CVSS 8.8 · AI score 8.7 · EPSS 0.99174
Exploits 24

BDU FSTEC
added 2023/03/24 12:0 a.m. · 5 views

A vulnerability in the formWriteFacMac function in the Tenda AC1206 router software allows an attacker to execute arbitrary commands.

The vulnerability in the formWriteFacMac function in the Tenda AC1206 router firmware is related to the lack of measures taken to sanitize data at the control level. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...

CVSS 10 · AI score 8.1 · EPSS 0.02488
Exploits 1 · References 3 · Affected Software 1

BDU FSTEC
added 2023/03/24 12:0 a.m. · 5 views

A vulnerability in the application programming interface of MXSecurity, a software platform for managing security in industrial networks, allows an attacker to execute arbitrary commands.

The vulnerability in the application programming interface of the MXSecurity software platform for managing security in industrial networks is related to the lack of measures taken to sanitize data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVSS 10 · AI score 7.6 · EPSS 0.01456
Exploits 0 · References 2 · Affected Software 1