15304 matches found

BDU FSTEC
added 2023/01/13 12:0 a.m. · 7 views

The vulnerability of the command-line interface of the FortiExtender signal booster software arises from insufficient validation of arguments passed in commands, allowing attackers to execute arbitrary commands.

The vulnerability of the command-line interface of the FortiExtender signal booster software relates to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 · AI score 8 · EPSS 0.01055
Exploits 0 · References 4 · Affected Software 1

Cisco
added 2023/01/11 4:0 p.m. · 39 views

Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validati...

CVSS 4.9 · AI score 7.3 · EPSS 0.00964
Exploits 0 · References 1

NVD
added 2023/01/11 3:15 a.m. · 27 views

CVE-2022-48253

nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used...

CVSS 9.8 · AI score 9.7 · EPSS 0.03406
Exploits 1 · References 2

OSV
added 2023/01/11 3:15 a.m. · 4 views

CVE-2022-48253

nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used...

CVSS 9.8 · AI score 6 · EPSS 0.03406
Exploits 1 · References 2

Huntr
added 2023/01/11 1:34 a.m. · 28 views

Froxlor 2.0.6 Remote Command Execution via Arbitrary File Write and Server Side Template Injection

Description: Froxlor 2.0.6 Stable is suffering from Remote Command Execution that was achieved by chaining two bugs, the first one is an arbitrary file write on the logging feature, which allows an authenticated attacker to point the log file to any writable path even if it was the web server...

CVSS 6.5 · AI score 9.3 · EPSS 0.97653
Exploits 8 · References 1

Positive Technologies
added 2023/01/11 12:0 a.m. · 6 views

PT-2023-1559 · Zyxel · Zyxel Nr7101

Name of the Vulnerable Software and Affected Versions: Zyxel NR7101 firmware versions prior to V1.15ACCC.3C0
Description: The issue exists due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of this issue may allow a remote attacker to...

CVSS 8.8 · AI score 8.7 · EPSS 0.01084
Exploits 0 · References 5

Positive Technologies
added 2023/01/11 12:0 a.m. · 4 views

PT-2023-15650 · Nostromo · Nostromo

Name of the Vulnerable Software and Affected Versions: Nostromo versions prior to 2.1
Description: The issue allows an attacker to execute arbitrary commands on the remote server due to a path traversal vulnerability. This occurs when the homedirs option is used.
Recommendations: For versions pri...

CVSS 9.8 · AI score 8.2 · EPSS 0.03406
Exploits 1 · References 5

Positive Technologies
added 2023/01/09 12:0 a.m. · 5 views

PT-2023-14412 · Linksys · Linksys Wrt54Gl Wireless-G Broadband Router

Name of the Vulnerable Software and Affected Versions: Linksys WRT54GL Wireless-G Broadband Router versions = 4.30.18.006
Description: A buffer overflow issue exists, allowing an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating...

CVSS 7.2 · AI score 7.2 · EPSS 0.19304
Exploits 1 · References 5

BDU FSTEC
added 2023/01/09 12:0 a.m. · 3 views

The vulnerability of the FortiADC application delivery controller web interface allows a hacker to execute arbitrary commands.

The vulnerability of the FortiADC application delivery controller web interface exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary commands by...

CVSS 9 · AI score 8.2 · EPSS 0.02891
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/01/06 5:15 p.m. · 4 views

CVE-2022-44149

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required...

CVSS 8.8 · AI score 5.9 · EPSS 0.64354
Exploits 5 · References 5

Vulnrichment
added 2023/01/06 12:0 a.m. · 6 views

CVE-2022-44149

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required...

AI score 7.3 · EPSS 0.64354
Exploits 5 · References 5

Cvelist
added 2023/01/06 12:0 a.m. · 30 views

CVE-2022-44149

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required...

AI score 9.2 · EPSS 0.64354
Exploits 5 · References 5

OSV
added 2023/01/05 11:15 p.m. · 3 views

CVE-2022-44877

login/index.php in CWP aka Control Web Panel or CentOS Web Panel 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter...

CVSS 9.8 · AI score 7.6 · EPSS 0.99995
Exploits 12 · References 7

OSV
added 2023/01/05 7:15 a.m. · 2 views

CVE-2022-43537

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complet...

CVSS 7.2 · AI score 6.1 · EPSS 0.01437
Exploits 0 · References 1

Vulnrichment
added 2023/01/05 12:0 a.m. · 17 views

CVE-2022-44877

login/index.php in CWP aka Control Web Panel or CentOS Web Panel 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter...

AI score 9.8 · EPSS 0.99995
Exploits 12 · References 6

BDU FSTEC
added 2023/01/05 12:0 a.m. · 6 views

The vulnerability of the PDF creation library pdfkit, related to insufficient validation of arguments passed to the command, allows attackers to execute arbitrary commands.

The vulnerability of the pdfkit library for creating PDF files is related to insufficient checking of arguments passed to the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVSS 10 · AI score 8.1 · EPSS 0.38924
Exploits 11 · References 8 · Affected Software 2

GitHub Security Blog
added 2023/01/04 3:30 p.m. · 38 views

Apache DolphinScheduler vulnerable to Improper Input Validation

Apache DolphinScheduler improperly validates script alert plugin parameters and is vulnerable to remote command execution. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. Users should upgrade to version 3.0.2 or 3.1.1...

CVSS 9.8 · AI score 9.2 · EPSS 0.0255
Exploits 0 · References 5 · Affected Software 1

OSV
added 2023/01/04 3:30 p.m. · 26 views

GHSA-3XH5-8HVQ-RC8X Apache DolphinScheduler vulnerable to Improper Input Validation

Apache DolphinScheduler improperly validates script alert plugin parameters and is vulnerable to remote command execution. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. Users should upgrade to version 3.0.2 or 3.1.1...

CVSS 9.8 · AI score 9.6 · EPSS 0.0255
Exploits 0 · References 5

NVD
added 2023/01/04 3:15 p.m. · 39 views

CVE-2022-45875

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users...

CVSS 9.8 · AI score 9.5 · EPSS 0.0255
Exploits 0 · References 2

OSV
added 2023/01/04 3:15 p.m. · 16 views

CVE-2022-45875

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users...

CVSS 9.8 · AI score 9.4
Exploits 0 · References 2