15304 matches found

PyPA
added 2023/01/04 3:15 p.m. · 6 views

PYSEC-2023-4

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions...

CVSS 9.8 · AI score 7.4 · EPSS 0.0255
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/01/04 3:15 p.m. · 29 views

PYSEC-2023-4

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions...

CVSS 9.8 · AI score 9.7 · EPSS 0.0255
Exploits 0 · References 1

Cvelist
added 2023/01/04 2:57 p.m. · 37 views

CVE-2022-45875 Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users...

AI score 9.7 · EPSS 0.0255
Exploits 0 · References 2

Vulnrichment
added 2023/01/04 2:57 p.m. · 7 views

CVE-2022-45875 Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users...

AI score 9.7 · EPSS 0.0255
Exploits 0 · References 2

CVE
added 2023/01/04 2:57 p.m. · 81 views

CVE-2022-45875

Apache DolphinScheduler (CVE-2022-45875) is affected by improper validation of script alert plugin parameters, allowing remote command execution. The issue affects 3.0.1 and earlier, and 3.1.0 and earlier; authenticated users who can log in to DolphinScheduler could exploit it. CVSSv3.1 base scor...

CVSS 9.8 · AI score 9.5 · EPSS 0.0255
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/01/03 8:5 p.m. · 7 views

CVE-2022-43538

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complet...

CVSS 7.2 · AI score 7.6 · EPSS 0.01437
Exploits 0 · References 1

Vulnrichment
added 2023/01/03 8:4 p.m. · 6 views

CVE-2022-43537

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complet...

CVSS 7.2 · AI score 7.6 · EPSS 0.01437
Exploits 0 · References 1

OSV
added 2023/01/03 4:15 a.m. · 0 views

CVE-2022-43931

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors...

CVSS 10 · AI score 6.1
Exploits 0 · References 1

Positive Technologies
added 2023/01/03 12:0 a.m. · 5 views

PT-2023-15965 · WordPress · The User Post Gallery - Upg

Name of the Vulnerable Software and Affected Versions: The User Post Gallery - UPG plugin for WordPress versions up to, and including 2.19 Description: The issue allows for authorization bypass, leading to remote command execution due to the use of a nopriv AJAX action and user-supplied function...

AI score 7.3
Exploits 1 · References 4

Positive Technologies
added 2022/12/30 12:0 a.m. · 5 views

PT-2022-6125

Name of the Vulnerable Software and Affected Versions: Synology VPN Plus Server versions prior to 1.4.3-0534 and 1.4.4-0635 Description: The issue is related to an out-of-bounds write vulnerability in the Remote Desktop functionality of Synology VPN Plus Server. This vulnerability can be exploited ...

CVSS 10 · AI score 10 · EPSS 0.16841
Exploits 0 · References 7

0day.today
added 2022/12/24 12:0 a.m. · 320 views

4images 1.9 Remote Command Execution Vulnerability

Exploit Title: 4images 1.9 - Remote Command Execution Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Select...

AI score 7.1
Exploits 0

Packet Storm
added 2022/12/22 12:0 a.m. · 281 views

4images 1.9 Remote Command Execution

Exploit Title: 4images 1.9 - Remote Command Execution Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Select...

Exploits 0

VulnCheck KEV
added 2022/12/21 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2018-20057

An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter...

CVSS 9 · AI score 7.6 · EPSS 0.07396
Exploits 1 · References 1

Positive Technologies
added 2022/12/20 12:0 a.m. · 6 views

PT-2022-25424 · Pfsense · Pfblockerng

Name of the Vulnerable Software and Affected Versions: pfSense pfBlockerNG versions through 2.1.4 27 Description: The issue allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header. Recommendations: For pfSense pfBlockerNG versions through 2.1.4 27, update to a...

CVSS 9.8 · AI score 9.9 · EPSS 0.17107
Exploits 1 · References 5

OSV
added 2022/12/19 3:15 a.m. · 0 views

CVE-2022-44456

CONPROSYS HMI System CHS Ver.3.4.4 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...

CVSS 9.8 · AI score 6
Exploits 0 · References 3

Vulnrichment
added 2022/12/19 12:0 a.m. · 7 views

CVE-2022-44456

CONPROSYS HMI System CHS Ver.3.4.4 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...

AI score 7.5 · EPSS 0.69877
Exploits 0 · References 3

NVD
added 2022/12/16 4:15 p.m. · 25 views

CVE-2022-25627

An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4...

CVSS 6.7 · EPSS 0.00907
Exploits 0 · References 1

OSV
added 2022/12/16 4:15 p.m. · 2 views

CVE-2022-25627

An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4...

CVSS 6.7 · AI score 5.8 · EPSS 0.00907
Exploits 0 · References 1

Prion
added 2022/12/16 4:15 p.m. · 12 views

Command injection

An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4...

CVSS 4 · AI score 6.5 · EPSS 0.00907
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2022/12/16 12:0 a.m. · 4 views

NETGEAR Nighthawk Operating System Command Injection Vulnerability

The NETGEAR Nighthawk WiFi6 Router is a series of routers that support WiFi 6 technology and are designed for users who are looking for a high-speed Internet experience. The NETGEAR Nighthawk WiFi6 Router suffers from a command injection vulnerability that stems from the fact that the default...

CVSS 7.8 · AI score 8 · EPSS 0.00402
Exploits 1 · References 2