Lucene search
K

342 matches found

Cvelist
Cvelist
added 2019/10/08 12:2 p.m.17 views

CVE-2019-14657

Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitra...

9.1AI score0.03735EPSS
Exploits1References2
exploitpack
exploitpack
added 2019/10/07 12:0 a.m.35 views

logrotten 3.15.1 - Privilege Escalation

logrotten 3.15.1 - Privilege Escalation Exploit Title: logrotten 3.15.1 - Privilege Escalation Date: 2019-10-04 Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all version...

0.8AI score
Exploits0
OSV
OSV
added 2019/09/05 5:15 p.m.3 views

CVE-2019-15949

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...

8.8CVSS7.5AI score0.77741EPSS
Exploits13References4
CNVD
CNVD
added 2019/08/08 12:0 a.m.5 views

Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability (CNVD-2019-38848)

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A command injection vulnerability exists in the web portal of Cisco Enterpri...

10CVSS8.3AI score0.03578EPSS
Exploits0References1
OSV
OSV
added 2019/07/25 10:0 a.m.3 views

UBUNTU-CVE-2019-13917

Exim 4.85 through 4.92 fixed in 4.92.1 allows remote code execution as root in some unusual configurations that use the $sort expansion for items that can be controlled by an attacker e.g., $localpart or $domain...

9.8CVSS7.8AI score0.08622EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/07/02 12:0 a.m.5 views

PT-2019-18499 · Linear · Linear Emerge 50P/5000P

Name of the Vulnerable Software and Affected Versions: Linear eMerge 50P/5000P devices affected versions not specified Description: The issue allows authenticated command injection with root code execution. Recommendations: At the moment, there is no information about a newer version that contain...

10CVSS9.7AI score0.40005EPSS
Exploits5References6
OSV
OSV
added 2019/07/01 8:15 p.m.6 views

CVE-2019-7276

Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console...

9.8CVSS7.4AI score0.93384EPSS
Exploits7References4
VulnCheck KEV
VulnCheck KEV
added 2019/06/06 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-3929

Multiple Crestron products are vulnerable to command injection via the filetransfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...

10CVSS7.4AI score0.98952EPSS
Exploits10References1
UbuntuCve
UbuntuCve
added 2019/05/07 7:29 p.m.28 views

CVE-2019-7443

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes thi...

9.3CVSS7.3AI score0.0235EPSS
Exploits0References4
OSV
OSV
added 2019/04/11 9:29 p.m.5 views

CVE-2018-20487

An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are...

8.8CVSS5.8AI score0.01906EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/04/11 8:21 p.m.24 views

CVE-2018-20487

An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are...

8.5AI score0.01906EPSS
Exploits1References2
OSV
OSV
added 2018/12/07 2:29 p.m.3 views

CVE-2018-7364

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges...

9.8CVSS6.1AI score
Exploits0References3
OSV
OSV
added 2018/10/24 9:29 p.m.2 views

DEBIAN-CVE-2016-10730

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing t...

7.8CVSS7.1AI score0.00558EPSS
Exploits0References1
OSV
OSV
added 2018/10/24 9:29 p.m.9 views

UBUNTU-CVE-2016-10730

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing t...

7.8CVSS7.1AI score0.00558EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/08/03 9:0 p.m.20 views

CVE-2018-14928

/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter...

7.6AI score0.01657EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/06/27 6:1 p.m.5 views

source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code

A privilege escalation flaw was found in the source-to-image component of Openshift Container Platform which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which a...

9CVSS5.8AI score0.01362EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:50 p.m.20 views

Security Bulletin: Privilege escalation vulnerability affects IBM Security Guardium (CVE-2017-1122)

Summary IBM Security Guardium contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM Security Guardium has addressed this issue Vulnerability Details CVEID: CVE-2017-1122 DESCRIPTION: IBM Security Guardium...

7.4CVSS1.1AI score0.00333EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2018/05/17 3:0 a.m.2 views

CVE-2018-0324

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...

6.2AI score0.00684EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/05/15 3:3 p.m.5 views

dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script

A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root...

7.9CVSS6AI score0.94457EPSS
Exploits14References5
NVD
NVD
added 2018/05/02 9:29 p.m.18 views

CVE-2018-10577

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files...

9CVSS8.7AI score0.06593EPSS
Exploits5References2
Rows per page
Query Builder