Lucene search
K

104 matches found

OSV
OSV
added 2024/07/18 10:15 a.m.59 views

CVE-2024-40898

SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...

7.5CVSS6.5AI score
Exploits0References3
OSV
OSV
added 2024/07/01 7:15 p.m.166 views

CVE-2024-38475

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS7AI score0.99957EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2024/07/01 7:15 p.m.59 views

CVE-2024-38475

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS7.5AI score0.99957EPSS
Exploits1References7
Cvelist
Cvelist
added 2024/06/11 2:38 p.m.37 views

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2CVSS0.00607EPSS
Exploits0References1
Veracode
Veracode
added 2024/06/10 7:26 a.m.23 views

Remote Code Execution (RCE)

aimeos/aimeos-core is vulnerable to Remote Code Execution RCE. The vulnerability is caused by improper file upload validation, allowing users with administrative privileges to upload files disguised as images but containing PHP code, which can then be executed in the context of the web server...

7.9AI score
Exploits0
OSV
OSV
added 2024/06/05 1:29 p.m.17 views

GHSA-RHC2-23C2-WW7C Remote code execution in web server context

Impact User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web server...

7.2CVSS7.1AI score0.00607EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2023/05/04 12:0 a.m.40 views

Microsoft SharePoint Chart Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of charts. Tampering with client-side data can trigger the...

8.8CVSS7.5AI score0.11576EPSS
Exploits0References1
Prion
Prion
added 2023/04/19 12:15 a.m.19 views

Remote code execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile or any other document with the wiki editor and add groovy script content. Viewing the document after...

6.5CVSS8.8AI score0.0109EPSS
Exploits1References2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/04/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-29492

Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account...

9.8CVSS7.7AI score0.0269EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:59 a.m.8 views

SUSE CVE-2010-1870

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "" protection mechanis...

5CVSS9.7AI score0.91079EPSS
Exploits22References3
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.7 views

s3-uploader 操作系统命令注入漏洞

s3-uploader is flexible and efficient for image resizing, renaming and uploading to Amazon S3 disk storage. A security vulnerability in Turistforeningen node-s3-uploader 2.0.3 and earlier stems from a Node.js package insecurely passing data to the metadata function, which ultimately connects to a...

10CVSS8.5AI score0.02979EPSS
Exploits1References2
OSV
OSV
added 2022/05/17 2:11 a.m.1 views

GHSA-WXW2-2MX5-C5QF Improper Input Validation in OpenSymphony XWork

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language OGNL statements and...

5CVSS6AI score0.394EPSS
Exploits1References13
CNVD
CNVD
added 2022/05/07 12:0 a.m.30 views

F5 Traffix SDC Cross-Site Template Injection Vulnerability

F5 Traffix Signaling Delivery Controller F5 Traffix SDC is a signaling delivery controller from F5 USA, Inc. F5 Traffix SDC is vulnerable to cross-site template injection, which can be exploited by attackers to execute language-specific commands in the template server context...

4.8CVSS5.7AI score0.00451EPSS
Exploits0References1
NVD
NVD
added 2022/05/05 5:15 p.m.25 views

CVE-2022-27662

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context...

4.8CVSS0.00451EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/05/05 12:0 a.m.5 views

F5 Traffix SDC 安全漏洞

F5 Traffix Signaling Delivery Controller F5 Traffix SDC is a signaling delivery controller from F5 USA, Inc. F5 Traffix SDC is vulnerable to cross-site template injection, which can be exploited by attackers to execute language-specific commands in the template server context...

4.8CVSS5.4AI score0.00451EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2022/03/01 12:0 a.m.12 views

(0Day) Delta Industrial Automation DIAEnergie HandlerPage_KID Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DIAEnergie. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

9.8CVSS4.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/01/26 2:51 p.m.3 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS7.1AI score0.52458EPSS
Exploits0References5
OSV
OSV
added 2021/08/30 6:15 p.m.4 views

CVE-2021-38391

A Blind SQL injection vulnerability exists in the /DataHandler/AM/AMHandler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A...

9.8CVSS6.1AI score0.03455EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/10 12:0 a.m.2 views

Microsoft SharePoint Spoofing Vulnerability (CNVD-2020-63721)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...

4.9CVSS7AI score0.01772EPSS
Exploits1References1
NVD
NVD
added 2020/07/28 6:15 p.m.33 views

CVE-2020-15417

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted...

6.3CVSS6.7AI score0.01285EPSS
Exploits0References1
Rows per page
Query Builder