Lucene search
K

78 matches found

ATTACKERKB
ATTACKERKB
added 2022/05/04 11:0 p.m.6 views

CVE-2022-20777

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...

9.9CVSS7.5AI score0.1076EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/05/04 11:0 p.m.5 views

CVE-2022-20779

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...

9.9CVSS7.5AI score0.10173EPSS
Exploits1References3
OSV
OSV
added 2022/05/04 5:15 p.m.11 views

CVE-2022-20780

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...

7.4CVSS5.9AI score0.10922EPSS
Exploits1References2
CVE
CVE
added 2022/05/04 5:5 p.m.142 views

CVE-2022-20780

CVE-2022-20780 is one of three Cisco NFVIS flaws affecting Cisco Enterprise NFV Infrastructure Software. Connected sources confirm concrete details: the issues enable an authenticated or unauthenticated remote attacker to escape a guest VM to the NFVIS host, inject commands that execute at root l...

9.9CVSS7.8AI score0.10922EPSS
Exploits1References2Affected Software1
The Hacker News
The Hacker News
added 2020/12/08 1:59 p.m.31 views

WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers

Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three securi...

1.1AI score
Exploits0
Cvelist
Cvelist
added 2020/02/24 6:16 p.m.23 views

CVE-2019-12511 Root Command Injection via MAC Address in SOAP API

In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...

10AI score0.02267EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2018/10/24 9:29 p.m.26 views

CVE-2016-10729

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root...

7.8CVSS6.9AI score0.01187EPSS
Exploits1References2
NVD
NVD
added 2018/10/24 9:29 p.m.17 views

CVE-2016-10729

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root...

7.8CVSS7.9AI score0.01187EPSS
Exploits1References1
OSV
OSV
added 2018/10/24 9:29 p.m.3 views

UBUNTU-CVE-2016-10729

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root...

7.8CVSS7AI score0.01187EPSS
Exploits1References3
OSV
OSV
added 2018/09/19 5:29 p.m.4 views

CVE-2018-17208

Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface. This occurs because shell...

8.8CVSS5.8AI score0.02529EPSS
Exploits1References1
Metasploit
Metasploit
added 2018/07/05 6:31 p.m.19 views

HP VAN SDN Controller Root Command Injection

This module exploits a hardcoded service token or default credentials in HPE VAN SDN Controller 'HP VAN SDN Controller Root Command Injection', 'Description' = %q This module exploits a hardcoded service token or default credentials in HPE VAN SDN Controller = 2.7.18.0503 to execute a payload as...

7.9AI score
Exploits0
OSV
OSV
added 2018/02/14 7:29 p.m.9 views

CVE-2017-6229

Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute...

8.8CVSS5.9AI score0.02268EPSS
Exploits0References1
NVD
NVD
added 2018/02/14 7:29 p.m.20 views

CVE-2017-6229

Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute...

9CVSS8.9AI score0.02268EPSS
Exploits0References1
CVE
CVE
added 2018/02/14 7:0 p.m.62 views

CVE-2017-6230

The CVE-2017-6230 entry concerns Ruckus Networks Solo APs (firmware R110.x or earlier) and SZ managed APs (firmware R5.x or earlier). It describes an authenticated Root Command Injection vulnerability in the web-GUI, enabling an authenticated user to execute privileged commands on affected system...

9CVSS8.8AI score0.02268EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2017/05/19 12:0 a.m.17 views

Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability

Cisco Prime Collaboration is a comprehensive video and voice service assurance and management system. An authentication bypass vulnerability exists in the web interface of Cisco Prime Collaboration Provisioning, which stems from a lack of security restrictions in certain HTTP request methods. An...

10CVSS7.9AI score0.6217EPSS
Exploits5References1
OSV
OSV
added 2017/04/20 9:59 p.m.3 views

CVE-2017-1122

IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174...

7.4CVSS5.9AI score0.00333EPSS
Exploits0References3
OSV
OSV
added 2017/01/03 6:59 a.m.2 views

CVE-2016-10107

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header...

9.8CVSS7.3AI score0.11225EPSS
Exploits1References2
OSV
OSV
added 2017/01/03 6:59 a.m.2 views

CVE-2016-10108

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...

9.8CVSS7.4AI score0.95174EPSS
Exploits4References3
Rows per page
Query Builder