Lucene search
K

32 matches found

EUVD
EUVD
added 2026/07/02 12:28 p.m.8 views

EUVD-2026-41366

luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...

7.7CVSS6.1AI score0.00482EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/02 12:28 p.m.37 views

CVE-2026-58652 luci-app-travelmate - Arbitrary Command Execution via UCI Script Parameter

luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...

7.7CVSS0.00482EPSS
Exploits0References7
CVE
CVE
added 2026/07/02 12:28 p.m.19 views

CVE-2026-58652

The issue affects luci-app-travelmate and the travelmate package. A LuCI/rpcd session with the luci-app-travelmate write ACL gains config-wide UCI write access to the travelmate configuration, and the backend travelmate service (running as root) reads raw UCI values for script and script_args and...

7.7CVSS6.1AI score0.00482EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/20 12:32 p.m.3 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the memosaccesstoken function of the UpdateInstanceSetting component when manipulating the additionalStyle or additionalScript arguments. An attacker can gain unauthorized access to sensitive informatio...

6.5CVSS6.6AI score0.00252EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/03/30 12:0 a.m.8 views

The vulnerability of Cisco IOS XE operating systems arises from incorrect checking of arguments passed in the loading script. This allows a malicious actor to execute arbitrary code on the vulnerable Linux-based device.

The vulnerability of Cisco IOS XE operating systems exists due to incorrect checking of arguments passed in the loading script. Exploiting this vulnerability allows a perpetrator to execute arbitrary code on the vulnerable Linux-based device...

7.2CVSS7.3AI score0.00377EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/03/24 8:15 p.m.4 views

CVE-2021-1452

A vulnerability in the ROM Monitor ROMMON of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute...

6.8CVSS7AI score0.00372EPSS
Exploits0References1
Nmap
Nmap
added 2017/07/28 9:1 a.m.478 views

smb2-time NSE Script

Attempts to obtain the current system date and the start date of a SMB2 server. Script Arguments randomseed, smbbasic, smbport, smbsign See the documentation for the smb library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. Examp...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2017/03/14 12:15 a.m.284 views

broadcast-ospf2-discover NSE Script

Discover IPv4 networks using Open Shortest Path First version 2OSPFv2 protocol. The script works by listening for OSPF Hello packets from the 224.0.0.5 multicast address. The script then replies and attempts to create a neighbor relationship, in order to discover network database. If no interface...

10CVSS0.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2016/12/08 9:17 p.m.150 views

tso-brute NSE Script

TSO account brute forcer. This script relies on the NSE TN3270 library which emulates a TN3270 screen for NMAP. TSO user IDs have the following rules: - it cannot begin with a number - only contains alpha-numeric characters and @, , $. - it cannot be longer than 7 chars Script Arguments...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2016/12/03 6:8 a.m.1666 views

fingerprint-strings NSE Script

Prints the readable strings from service fingerprints of unknown services. Nmap's service and application version detection engine sends named probes to target services and tries to identify them based on the response. When there is no match, Nmap produces a service fingerprint for submission...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2014/01/03 9:10 p.m.101 views

unittest NSE Script

Runs unit tests on all NSE libraries. Script Arguments unittest.run Run tests. Causes unittest.testing to return true. unittest.tests Run tests from only these libraries defaults to all Example Usage nmap --script unittest --script-args unittest.run Script Output Pre-scan script results: |...

10CVSS0.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2013/10/31 4:4 a.m.1597 views

http-iis-short-name-brute NSE Script

Attempts to brute force the 8.3 filenames commonly known as short names of files and directories in the root folder of vulnerable IIS servers. This script is an implementation of the PoC "iis shortname scanner". The script uses ,? and to bruteforce the short name of files present in the IIS...

10CVSS9.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2012/08/17 6:44 p.m.266 views

rpc-grind NSE Script

Fingerprints the target RPC port to extract the target service, RPC number and version. The script works by sending RPC Null call requests with a random high version unsupported number to the target service with iterated over RPC program numbers from the nmap-rpc file and check for replies from t...

10CVSS9.3AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2012/08/15 1:50 a.m.98 views

broadcast-eigrp-discovery NSE Script

Performs network discovery and routing information gathering through Cisco's Enhanced Interior Gateway Routing Protocol EIGRP. The script works by sending an EIGRP Hello packet with the specified Autonomous System value to the 224.0.0.10 multicast address and listening for EIGRP Update packets. T...

10CVSS0.4AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2012/06/09 6:44 p.m.330 views

dns-nsec3-enum NSE Script

Tries to enumerate domain names from the DNS server that supports DNSSEC NSEC3 records. The script queries for nonexistant domains until it exhausts all domain ranges keeping track of hashes. At the end, all hashes are printed along with salt and number of iterations used. This technique is known...

10CVSS0.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2012/05/07 6:49 p.m.147 views

ajp-headers NSE Script

Performs a HEAD or GET request against either the root directory or any optional directory of an Apache JServ Protocol server and returns the server response headers. Script Arguments ajp-headers.path The path to request, such as /index.php. Default /. slaxml.debug See the documentation for the...

10CVSS0.4AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2012/01/02 11:27 a.m.468 views

redis-brute NSE Script

Performs brute force passwords auditing against a Redis key-value store. Script Arguments passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. creds.service, creds.global See the documentation for the creds library. brute.credfile,...

10CVSS0.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2011/12/15 6:19 a.m.213 views

http-unsafe-output-escaping NSE Script

Spiders a website and attempts to identify output escaping problems where content is reflected back to the user. This script locates all parameters, ?x=foo&y=bar and checks if the values are reflected on the page. If they are indeed reflected, the script will try to insert ghzhzx"zxc'xcv and chec...

10CVSS0.99448EPSS
Exploits33
Nmap
Nmap
added 2011/10/11 6:3 a.m.475 views

ms-sql-dump-hashes NSE Script

Dumps the password hashes from an MS-SQL server in a format suitable for cracking by tools such as John-the-ripper. In order to do so the user needs to have the appropriate DB privileges. Credentials passed as script arguments take precedence over credentials discovered by other scripts. Script...

10CVSS9.4AI score0.99448EPSS
Exploits33
Nmap
Nmap
added 2011/07/26 6:54 a.m.2057 views

xmpp-brute NSE Script

Performs brute force password auditing against XMPP Jabber instant messaging servers. Script Arguments xmpp-brute.servername needed when host name cannot be automatically determined eg. when running against an IP, instead of hostname xmpp-brute.auth authentication mechanism to use LOGIN, PLAIN,...

10CVSS0.1AI score0.99448EPSS
Exploits33
Rows per page
Query Builder