Lucene search
K

120 matches found

Cvelist
Cvelist
added 2020/08/06 3:45 p.m.24 views

CVE-2020-7357 Cayin CMS Command Injection

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTPServerIP' HTTP POST parameter in system.cgi page. This issue affects several...

9.6CVSS9.9AI score0.33874EPSS
Exploits8References3
Positive Technologies
Positive Technologies
added 2020/08/06 12:0 a.m.3 views

PT-2020-19571 · Cayin · Cayin Cms-40 +4

Name of the Vulnerable Software and Affected Versions: Cayin CMS versions 7.5 through 8.2 Cayin CME-SE version affected versions not specified Cayin CMS-60 version affected versions not specified Cayin CMS-40 version affected versions not specified Cayin CMS-20 version affected versions not...

9.9CVSS8.1AI score0.33874EPSS
Exploits8References6
Positive Technologies
Positive Technologies
added 2020/06/25 12:0 a.m.4 views

PT-2020-14424 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax migration...

10CVSS9.8AI score0.08083EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2020/06/04 12:0 a.m.202 views

Cayin Signage Media Player 3.0 Root Remote Command Injection

!/usr/bin/env python3 Cayin Signage Media Player 3.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.com Affected version: SMP-8000QD v3.0 SMP-8000 v3.0 SMP-6000 v3.0 Build 19025 SMP-6000 v1.0 Build 14246 SMP-6000 v1.0 Build 14199 SMP-6000...

0.6AI score
Exploits0
0day.today
0day.today
added 2020/06/04 12:0 a.m.85 views

Cayin Content Management Server 11.0 - Remote Command Injection (root) Vulnerability

Exploit for multiple platform in category web applications Title: Cayin Content Management Server 11.0 - Remote Command Injection root Author:LiquidWorm Vendor: https://www.cayintech.com CVE: N/A Cayin Content Management Server 11.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd...

7.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2020/06/04 12:0 a.m.87 views

Cayin Signage Media Player 3.0 Root Remote Command Injection

Summary CAYIN Technology provides Digital Signage solutions, including media players, servers, and software designed for the DOOH Digital Out-of-home networks. We develop industrial-grade digital signage appliances and tailored services so you don't have to do the hard work. Description CAYIN...

8.8CVSS6.1AI score0.01277EPSS
Exploits1
GithubExploit
GithubExploit
added 2020/05/09 11:22 a.m.195 views

Exploit for CVE-2020-11651

CVE-2020-11651 PoC for CVE-2020-11651 Requires Python3 tested...

9.8CVSS9.2AI score0.96405EPSS
Exploits24
OSV
OSV
added 2020/02/28 6:15 p.m.2 views

CVE-2020-9463

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request...

8.8CVSS7.6AI score0.04122EPSS
Exploits1References1
OSV
OSV
added 2020/02/25 4:15 p.m.4 views

CVE-2019-5141

An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can...

8.8CVSS5.8AI score0.05136EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.5 views

The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3121 lies in the fact that the execution of certain operations goes beyond the buffer in memory. This allows a malicious user to execute arbitrary commands with root privileges.

The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3121 lies in the fact that the operation data is stored outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges, using a speciall...

10CVSS8.2AI score0.02582EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2019/09/24 6:15 p.m.20 views

CVE-2019-16754

RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation asymcute, potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message an...

7.5CVSS7.4AI score0.01472EPSS
Exploits1References1
Prion
Prion
added 2019/09/24 6:15 p.m.13 views

Null pointer dereference

RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation asymcute, potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message an...

5CVSS7.4AI score0.01472EPSS
Exploits1References1Affected Software1
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.355 views

HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HC10-HC.SERVER-10.14-REMOTE-INVALID-POINTER-WRITE.txt + ISR: ApparitionSec Vendor www.hostingcontroller.com Product HC10 HC.Server Service 10.14 HC10 is a unified hosting...

7.5CVSS7.6AI score0.08793EPSS
Exploits5
BDU FSTEC
BDU FSTEC
added 2019/06/14 12:0 a.m.4 views

The vulnerability of microprogrammed software in Modicon, ATV IMC, and PacDrive programmable logic controllers lies in the lack of authentication for a critical function, allowing an intruder to alter the device’s configuration.

The vulnerability of microprogrammed software in Modicon, ATV IMC, and PacDrive programmable logic controllers is related to the absence of authentication for the critical function. Exploiting this vulnerability allows a malicious actor to remotely alter the device’s configuration IP address,...

8.2CVSS7.1AI score0.0124EPSS
Exploits0References3
CNVD
CNVD
added 2019/06/10 12:0 a.m.4 views

Moxa AWK-3121 Buffer Overflow Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A buffer overflow vulnerability exists in the 'iwserverip' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to cause, for example, a buffer overflow or heap overflow...

8.8CVSS7.4AI score0.02582EPSS
Exploits1References1
OSV
OSV
added 2019/06/07 8:29 p.m.7 views

CVE-2018-10703

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iwserverip" is susceptible ...

8.8CVSS6.3AI score0.02582EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2019/05/08 12:0 a.m.36 views

D-Link DWL-2600AP Upgrade Firmware Command Injection

Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Upgrade Firmware Product & Service Introduction: =============================== The D-Link DWL-2600AP has a web interface for configuration. You can use any web browser you like to login to the D-Link...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2018/09/21 3:35 p.m.28 views

Starbucks: China - ecjobsdc.starbucks.com.cn html/shtml file upload vulnerability

1, Summary During the test, I found ecjobsdc.starbucks.com.cn this site has an upload vulnerability, you can upload html and shtml format files, so you can read the server's intranet IP, the physical address of the website application and read the website web.config file. 2, Vulnerability scope...

0.3AI score
Exploits0
Citrix
Citrix
added 2018/07/27 12:0 a.m.6 views

How to migrate the XMS Database server from an existing DB to a cloned DB server

How to migrate the XMS Database server from an existing DB server to a cloned DB server ? Below are the steps which can be followed if we need to migrate XMS DB server to a cloned DB server which has a different IP address. 1. Login to XenMobile server. 2. Select Configuration and then select...

7.7AI score
Exploits0
OSV
OSV
added 2018/04/13 1:29 p.m.3 views

CVE-2018-5506

In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apacheauthtokenmod and modauthf5authtoken.cpp allow possible unauthenticated bruteforce on the emserverip authorization parameter to obtain which SSL client certificates used for mutual authentication between...

9.8CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder