Lucene search
K

343 matches found

Kitploit
Kitploit
added 2021/07/18 12:30 p.m.77 views

DNSStager - Hide Your Payload In DNS

DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as AAAA or TXT records after splitting...

7.6AI score
Exploits0References3
NVD
NVD
added 2021/06/29 3:15 p.m.14 views

CVE-2021-31505

This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mod...

7.2CVSS0.00551EPSS
Exploits0References2
OSV
OSV
added 2021/06/29 3:15 p.m.4 views

CVE-2021-31505

This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mod...

6.8CVSS6.1AI score0.00551EPSS
Exploits0References2
OSV
OSV
added 2021/05/22 7:15 a.m.5 views

CVE-2021-1557

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. These vulnerabilities are due to insufficient restrictions during the execution of affected CLI...

6.7CVSS6.1AI score0.00325EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.15 views

SUSE: Security Advisory (SUSE-SU-2020:1533-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.9AI score0.74513EPSS
Exploits2References4
OSV
OSV
added 2021/03/26 8:15 a.m.3 views

CVE-2021-28249

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is ru...

8.8CVSS5.8AI score0.00415EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/02/17 10:15 p.m.27 views

CVE-2021-26720

avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects th...

7.8CVSS7.2AI score0.00395EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/02/15 12:0 a.m.3 views

PT-2021-7394 · Debian +2 · Avahi +2

Name of the Vulnerable Software and Affected Versions: avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 Description: The issue is related to the execution of avahi-daemon-check-dns.sh as root via /etc/network/if-up.d/avahi-daemon, allowing a local attacker to cause a denial of...

9.1CVSS7.3AI score0.59223EPSS
Exploits9References67
OSV
OSV
added 2021/01/27 4:15 p.m.2 views

UBUNTU-CVE-2021-25311

condorcredd in HTCondor before 8.9.11 allows Directory Traversal outside the SECCREDENTIALDIRECTORYOAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root...

9.9CVSS7.3AI score0.03164EPSS
Exploits0References3
OSV
OSV
added 2020/11/17 3:15 p.m.5 views

CVE-2020-27555

Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user...

9.8CVSS7.6AI score0.02505EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2020/10/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-34054

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgiquery. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence...

10CVSS5.8AI score0.02709EPSS
Exploits0References1
OSV
OSV
added 2020/10/06 3:15 p.m.3 views

CVE-2020-26574

Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a...

9.6CVSS7.4AI score0.02119EPSS
Exploits1References2
Prion
Prion
added 2020/10/06 3:15 p.m.17 views

Cross site scripting

Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a...

9.3CVSS9AI score0.02119EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/10/06 2:32 p.m.56 views

CVE-2020-26574

Leostream Connection Broker 8.2.x is affected by a stored XSS via the webquery.pl User-Agent header. An unauthenticated attacker can inject JavaScript that is rendered when admins log in, potentially forcing the admin to upload a malicious Perl script that could be executed as root through libMis...

9.6CVSS9.1AI score0.02119EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/10/06 12:0 a.m.5 views

PT-2020-16465 · Leostream · Leostream Connection Broker

Name of the Vulnerable Software and Affected Versions: Leostream Connection Broker versions 8.2.x Description: The issue allows an unauthenticated attacker to inject arbitrary JavaScript code via the User-Agent HTTP header in the webquery.pl file. This code is rendered by administrators the next...

9.6CVSS7.3AI score0.02119EPSS
Exploits1References4
Prion
Prion
added 2020/10/02 9:15 a.m.13 views

Buffer overflow

A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication...

10CVSS9.8AI score0.03608EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/08/25 1:19 p.m.30 views

CVE-2020-14510 OFF-BY-ONE ERROR CWE-193

GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root...

9.8CVSS9.6AI score0.02487EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/08/04 12:0 a.m.43 views

X.Org Server Pixel Data Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processi...

5.5CVSS4.7AI score0.00388EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/23 12:0 a.m.1 views

Cisco SD-WAN vManage Software License Issue Vulnerability

Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. An authorization issue vulnerability exists in the CLI in Cisco SD-WAN vManage Software that stems from insufficient input validation. A local attacker can exploit the...

7.8CVSS7.4AI score0.00377EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/06/30 12:15 p.m.26 views

CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

7.8CVSS7.3AI score0.00538EPSS
Exploits1References2
Rows per page
Query Builder