897 matches found
Pulse Secure Pulse Connect Secure Command Injection Vulnerability
Pulse Secure Pulse Connect Secure (aka PCS, formerly known as Juniper Junos Pulse) is an SSL VPN solution from Pulse Secure, Inc. in the United States. A command injection vulnerability exists in Pulse Secure Pulse Connect Secure that stems from the product's failure to filter input data for specia...
Riak Insecure Default Configuration / Remote Command Execution
Riak KV Insecure Default Cookie RCE ===== Intro ===== Riak is a NoSQL key-value database that is built to maximize data availability and performance, especially useful for eg. big data environments. It's built to survive data and network failures with design principles similar to DynamoDB while...
Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers
A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejsnetserver" and downloaded over 1,283 times since February 2019, was last...
Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine
An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in...
Weidmueller Industrial WLAN devices Access Control Error Vulnerability
Weidmueller Industrial WLAN devices is an industrial WLAN from Weidmueller, Germany. An access control error vulnerability exists in Weidmueller Industrial WLAN devices, which can be exploited by an attacker to cause remote shell access to the device as this user...
CVE-2021-33538
In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...
Improper access control
In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...
CVE-2021-33538 WEIDMUELLER: WLAN devices affected by improper access control vulnerability
In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...
Weidmueller Industrial WLAN Security Vulnerability
Weidmueller Industrial WLAN devices is an industrial WLAN from Weidmueller, Germany. An access control error vulnerability exists in Weidmueller Industrial WLAN devices, which can be exploited by an attacker to cause remote shell access to the device as this user...
F5 BIG-IQ VE 8.0.0-2923215 Remote Root
F5 BIG-IQ VE v8.0.0-2923215 Post-auth Remote Root RCE CVE-2021-23024 ======= Details ======= It was possible to execute commands with root privileges as an authenticated privileged user via command injection in easy-setup-test-connection. There are two blind command injection bugs in Test DNS...
Cisco Modeling Labs 2.1.1-b19 Remote Command Execution Exploit
Cisco Modeling Labs 2.1.1-b19 Post-Auth RCE Vulnerability CVE-2021-1531 ======= Details ======= Authenticated command injection in the web portal via the X-Original-File-Name header. Tested with portal 'admin' user who does not have a system login or SSH access, but likely works for any user who...
Cisco Modeling Labs 2.1.1-b19 Remote Command Execution
Cisco Modeling Labs 2.1.1-b19 Post-Auth RCE Vulnerability CVE-2021-1531 ======= Details ======= Authenticated command injection in the web portal via the X-Original-File-Name header. Tested with portal 'admin' user who does not have a system login or SSH access, but likely works for any user who...
CVE-2021-23895 Authorized deserialization of untrusted data in McAfee DBSec
Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...
Backdoor.Win32.Small.n Code Execution
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/fb24c3509180f463c9deaf2ee6705062.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Small.n Vulnerability: Unauthenticated Remote Command Execution SYSTEM Description: T...
Backdoor.Win32.Delf.zs Code Execution
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/911e96073cfe807289366343aa8d97ac.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.zs Vulnerability: Unauthenticated Remote Command Execution Description: Backdoor...
USN-4875-1 opensmtpd vulnerabilities
It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could possibly use this vulnerability to execute arbitrary commands as root. CVE-2020-7247 It was discovered that OpenSMTPD did not properly handle hardlinks und...
CVE-2021-26809
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php...