15300 matches found

Vulnrichment
added 2023/02/15 12:0 a.m. · 9 views

CVE-2022-47504 SolarWinds Platform Deserialization of Untrusted Data Vulnerability

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands...

7.2 CVSS · 7.5 AI score · 0.25061 EPSS
Exploits 0 · References 2

Vulnrichment
added 2023/02/15 12:0 a.m. · 10 views

CVE-2023-23836 SolarWinds Platform Deserialization of Untrusted Data Vulnerability

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands...

7.2 CVSS · 7.5 AI score · 0.80298 EPSS
Exploits 0 · References 2

Vulnrichment
added 2023/02/15 12:0 a.m. · 10 views

CVE-2022-47507 SolarWinds Platform Deserialization of Untrusted Data Vulnerability

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands...

7.2 CVSS · 7.5 AI score · 0.07234 EPSS
Exploits 0 · References 2

Vulnrichment
added 2023/02/15 12:0 a.m. · 8 views

CVE-2022-47503 SolarWinds Platform Deserialization of Untrusted Data Vulnerability

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands...

7.2 CVSS · 7.5 AI score · 0.24439 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2023/02/15 12:0 a.m. · 4 views

A vulnerability in the httpd firmware used in TOTOLINK A7100RU routers allows attackers to execute arbitrary commands.

The vulnerability in the httpd firmware used in TOTOLINK A7100RU routers lies in the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10 CVSS · 8.1 AI score · 0.0192 EPSS
Exploits 1 · References 3 · Affected Software 1

BDU FSTEC
added 2023/02/15 12:0 a.m. · 6 views

The vulnerability of the centralized control system for network devices and ports of Advantech iView, related to the lack of measures taken to protect the SQL query structure, allows attackers to execute arbitrary SQL commands.

The vulnerability of the centralized control system for network devices and ports of Advantech iView relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...

9 CVSS · 7.2 AI score · 0.09002 EPSS
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2023/02/13 12:0 a.m. · 7 views

A vulnerability in the exec() function implementation in D-Link DIR-846 router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the exec function implementation in D-Link DIR-846 router firmware is related to the failure to neutralize special elements used in an operating system command when processing the lan0dhcpsstaticlist parameter. Exploiting this vulnerabilit...

9.1 CVSS · 8.1 AI score · 0.10503 EPSS
Exploits 4 · References 8

OSV
added 2023/02/11 1:23 a.m. · 3 views

CVE-2022-45104

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands on the underlying system...

8.8 CVSS · 6.2 AI score · 0.01382 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/02/10 8:48 p.m. · 6 views

CVE-2022-34447

PowerPath Management Appliance with versions 3.3 & 3.2, 3.1 & 3.0 contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user...

7.2 CVSS · 8 AI score · 0.01657 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/02/10 12:0 a.m. · 3 views

PT-2023-14731

Name of the Vulnerable Software and Affected Versions: APSystems ECU-R version 5203 Description: The issue allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter in the administration interface. Recommendations: For APSystems ECU-R version 5203,...

9.8 CVSS · 7.5 AI score · 0.76604 EPSS
Exploits 1 · References 9

BDU FSTEC
added 2023/02/10 12:0 a.m. · 6 views

A vulnerability in the web server of the firmware of Delta Electronics DVW-W02W2-E2 wireless access points allows an intruder to execute arbitrary commands and gain full control over the system.

The vulnerability in the web server of the firmware of Delta Electronics DVW-W02W2-E2 wireless access points lies in the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands and gain full control over the...

9 CVSS · 8 AI score · 0.18158 EPSS
Exploits 1 · References 5 · Affected Software 1

CISA KEV Catalog
added 2023/02/10 12:0 a.m. · 46 views

TerraMaster OS Remote Command Execution Vulnerability

TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint...

9.8 CVSS · 3.9 AI score · 0.8405 EPSS
In wild · Exploits 9

Positive Technologies
added 2023/02/09 12:0 a.m. · 4 views

PT-2023-1709 · Sap · Sap Businessobjects

Name of the Vulnerable Software and Affected Versions: SAP Business Object Adaptive Job Server versions 420, 430 Description: The issue allows remote execution of arbitrary commands on Unix systems when program objects execution is enabled. This can be done by authenticated users with scheduling...

9 CVSS · 8.8 AI score · 0.00926 EPSS
Exploits 0 · References 9

VulnCheck KEV
added 2023/02/08 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2010-2261

Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debugcommandpage.asp and (b) debug.cgi...

10 CVSS · 6.1 AI score · 0.02642 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2023/02/07 12:0 a.m. · 505 views

CVE-2022-24990

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending “User-Agent: TNAS” to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. Recent assessments: cbeek-r7 at July 26, 2024 7:31pm UTC reported: A July 2024 bullet...

10 CVSS · 8.8 AI score · 0.8405 EPSS
In wild · Exploits 17 · References 6

CNNVD
added 2023/02/06 12:0 a.m. · 4 views

NVS365 Security Vulnerability

NVS365 is a network video server from NVS365. A security vulnerability exists in NVS365 version V01, which stems from a command execution that can be triggered by the background network test function...

9.8 CVSS · 8.5 AI score · 0.25905 EPSS
Exploits 2 · References 3

CNNVD
added 2023/02/03 12:0 a.m. · 5 views

Dell EMC NetWorker Code Injection Vulnerability

Dell EMC NetWorker is a suite of unified backup and recovery software from Dell USA. The software provides backup and recovery, deduplication elimination, backup reporting, and other features. A code injection vulnerability exists in Dell EMC NetWorker. An unauthenticated, remote attacker can sen...

9.8 CVSS · 8.8 AI score · 0.0103 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2023/02/03 12:0 a.m. · 5 views

A vulnerability in the web-based management interfaces of the firmware for Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN routers lies in insufficient cleaning of special elements in the output data used by the incoming component. This allows a malicious actor to execute arbitrary commands.

The vulnerability in the web-based management interfaces of the firmware for Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W routers lies in insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability allows a remote...

8.3 CVSS · 7.5 AI score · 0.00964 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2023/02/03 12:0 a.m. · 5 views

A vulnerability in the firmware of InHand Networks InRouter 302 and InRouter 615, related to deficiencies in access control, allows attackers to execute arbitrary commands.

The vulnerability in the firmware of InHand Networks InRouter 302 and InRouter 615 lies in the lack of access control mechanisms. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10 CVSS · 8.2 AI score · 0.00492 EPSS
Exploits 0 · References 6 · Affected Software 2

OSV
added 2023/02/02 1:15 p.m. · 5 views

CVE-2022-46552

D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution RCE vulnerability via the lan0dhcpsstaticlist parameter. This vulnerability is exploited via a crafted POST request...

8.8 CVSS · 6 AI score · 0.10503 EPSS
Exploits 4 · References 7