
15287 matches found

GithubExploit
added 2023/03/23 4:08 p.m. · 1190 views

Exploit for Missing Authentication for Critical Function in Veeam Backup & Replication

PoC exploit for CVE-2023-27532, a vulnerability in Veeam Backup...

CVSS 7.5 · AI score 9.7 · EPSS 0.7761
Exploits: 4

Positive Technologies
added 2023/03/23 12:00 a.m. · 6 views

PT-2023-7478 · Unknown · Osprey Pump Controller

Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01 Description: The issue exists due to the failure to neutralize special elements in the DataLogView.php, EventsView.php, and AlarmsView.php scripts of the Osprey Pump Controller software. This allows a remot...

CVSS 10 · AI score 10 · EPSS 0.18202
Exploits: 1 · References: 6

Vulnrichment
added 2023/03/23 12:00 a.m. · 8 views

CVE-2022-28496

TOTOLink outdoor CPE CP900 V6.3c.566B20171026 was discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpass parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

AI score 9.9 · EPSS 0.01409
Exploits: 0 · References: 1

OSV
added 2023/03/21 3:15 p.m. · 2 views

CVE-2023-27874

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845...

CVSS 8.8 · AI score 6.1 · EPSS 0.01343
Exploits: 0 · References: 2

Positive Technologies
added 2023/03/21 12:00 a.m. · 3 views

PT-2023-2286 · NetGear · Netgear Orbi Satellite Rbs750

Name of the Vulnerable Software and Affected Versions: Netgear Orbi Satellite RBS750 version 4.6.8.5 Description: A command execution vulnerability exists in the ubus backend communications functionality. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can sen...

CVSS 8.3 · AI score 8.1 · EPSS 0.01987
Exploits: 1 · References: 11

Packet Storm
added 2023/03/20 12:00 a.m. · 268 views

Human Resources Management System 1.0 SQL Injection

Exploit Title: Human Resources Management System - HRM - Multiple SQLi Date: 16/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link:...

AI score 0.1
Exploits: 0

0day.today
added 2023/03/20 12:00 a.m. · 244 views

Human Resources Management System 1.0 SQL Injection Vulnerability

Exploit Title: Human Resources Management System - HRM - Multiple SQLi Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software...

AI score 6.8
Exploits: 0

VulnCheck KEV
added 2023/03/17 12:00 a.m. · 5 views

VulnCheck KEV: CVE-2018-15133

Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable)...

CVSS 8.1 · AI score 7.3 · EPSS 0.76814
Exploits: 11 · References: 1

BDU FSTEC
added 2023/03/15 12:00 a.m. · 5 views

The vulnerability of the command-line interface of ArubaOS systems allows a hacker to execute arbitrary commands.

The vulnerability of the command-line interface of ArubaOS systems is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 · AI score 7.5 · EPSS 0.01538
Exploits: 0 · References: 3 · Affected Software: 2

BDU FSTEC
added 2023/03/15 12:00 a.m. · 5 views

The vulnerability of the command-line interface of ArubaOS systems allows a hacker to execute arbitrary commands.

The vulnerability of the command-line interface of ArubaOS systems is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 · AI score 7.5 · EPSS 0.01538
Exploits: 0 · References: 3 · Affected Software: 2

Positive Technologies
added 2023/03/15 12:00 a.m. · 4 views

PT-2023-9802 · Draytek · Draytek Vigor2960

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor2960 version 1.5.1.4 Description: The issue allows an authenticated attacker with network access to the web management interface to inject operating system commands via the parameter parameter in the mainfunction.cgi component...

CVSS 7.8 · AI score 7.8 · EPSS 0.06717
Exploits: 1 · References: 15

OSV
added 2023/03/14 5:15 a.m. · 5 views

CVE-2023-25617

SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...

CVSS 8.8 · AI score 7.5 · EPSS 0.00926
Exploits: 0 · References: 2

PyPA
added 2023/03/14 5:15 a.m. · 13 views

PYSEC-2023-315

SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...

CVSS 9 · AI score 7.6 · EPSS 0.00926
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/03/14 4:42 a.m. · 8 views

CVE-2023-25617 OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)

SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...

CVSS 9 · AI score 9.2 · EPSS 0.00926
Exploits: 0 · References: 2

Hacker One
added 2023/03/07 4:04 p.m. · 115 views

Internet Bug Bounty: CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service and Remote Command Execution

An improper input validation vulnerability was discovered in the Apache Airflow Google Provider, affecting versions before 8.10.0. Attackers could modify existing connection configuration information to execute malicious commands or create arbitrary files, leading to denial of service...

CVSS 7.5 · AI score 7.5 · EPSS 0.01826
Exploits: 0

Hacker One
added 2023/03/07 3:11 p.m. · 157 views

Internet Bug Bounty: Apache Airflow Google Cloud Sql Provider Remote Command Execution

An improper input validation vulnerability was discovered in Apache Airflow Google Provider before version 8.10.0, which could allow an attacker to execute remote commands on the victim's machine by modifying the existing connection configuration information. The vulnerability was discovered by X...

AI score 7.6
Exploits: 0

BDU FSTEC
added 2023/03/06 12:00 a.m. · 5 views

The vulnerability in the firmware of the SolarView Compact device, which is used for measuring solar energy, data display, and storage, stems from the lack of measures to clean incoming data. This allows a malicious individual to execute arbitrary commands.

The vulnerability in the firmware of the SolarView Compact device, which is used for measuring solar energy, data display, and storage, stems from the lack of measures to clean incoming data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary command...

CVSS 10 · AI score 8.1 · EPSS 0.99273
Exploits: 9 · References: 5 · Affected Software: 1

BDU FSTEC
added 2023/03/06 12:00 a.m. · 8 views

The vulnerability in the web interface of ArubaOS operating systems exists due to the lack of measures taken to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands.

The vulnerability in the web interface of ArubaOS operating systems exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 8.3 · AI score 7.5 · EPSS 0.01618
Exploits: 0 · References: 3 · Affected Software: 2

BDU FSTEC
added 2023/03/06 12:00 a.m. · 5 views

The vulnerability in the firmware of the Huawei BiSheng-WNM printer lies in the lack of measures to neutralize special elements used in operating system commands, allowing attackers to execute arbitrary commands.

The vulnerability in the firmware of the Huawei BiSheng-WNM printer is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by transmitting specially...

CVSS 10 · AI score 8.2 · EPSS 0.01109
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2023/03/06 12:00 a.m. · 5 views

The vulnerability of D-Link DCS-930L Wi-Fi cameras lies in the lack of measures taken to neutralize special elements used in the operating system’s command structure. This allows intruders to execute arbitrary commands.

The vulnerability of D-Link DCS series Wi-Fi cameras exists due to the lack of measures taken to neutralize special elements used in the operating system’s command structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 · AI score 7.5 · EPSS 0.68525
Exploits: 1 · References: 4