Lucene search
K

57 matches found

Prion
Prion
added 2022/10/24 2:15 p.m.18 views

Command injection

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the vsftplicense parameter when sending HTTP POST requests to the /edit/server endpoint...

5.8CVSS7.6AI score0.05241EPSS
Exploits1References5Affected Software2
CNNVD
CNNVD
added 2022/10/24 12:0 a.m.8 views

Vesta Control Panel 参数注入漏洞

Vesta Control Panel VestaCP is an open source web hosting control panel. A parameter injection vulnerability exists in Vesta Control Panel versions prior to 0.9.8-26-43 and Vesta Control Panel versions prior to 0.9.8-26, which stems from the fact that when it sends an HTTP POST request to the...

7.2CVSS7.7AI score0.05241EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/10/24 12:0 a.m.7 views

PT-2022-12942 · Unknown · Vesta Control Panel

Name of the Vulnerable Software and Affected Versions: myVesta Control Panel versions prior to 0.9.8-26-43 Vesta Control Panel versions prior to 0.9.8-26 Description: The issue allows an authenticated and remote administrative user to execute arbitrary commands. This can be achieved by sending HT...

7.2CVSS7.3AI score0.05241EPSS
Exploits1References7
Zero Day Initiative
Zero Day Initiative
added 2022/10/14 12:0 a.m.22 views

Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which listens on TCP port 8500 by default. The iss...

4.4CVSS1.6AI score0.45022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/19 3:15 p.m.6 views

CVE-2022-40075

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formfastsettingwifiset...

7.5CVSS7.1AI score0.00857EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/07/19 12:0 a.m.7 views

MiCODUS MV720 GPS 安全漏洞

The MiCODUS MV720 GPS is a GPS tracker from MiCODUS USA. A security vulnerability exists in the MiCODUS MV720 GPS that originates from an authenticated and insecure direct object reference vulnerability in the main web server on the endpoint and parameterized device IDs, which accepts arbitrary...

7.1CVSS7.3AI score0.00624EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/07/19 12:0 a.m.6 views

MiCODUS MV720 GPS 安全漏洞

MiCODUS MV720 GPS is a GPS tracker from MiCODUS Corporation. A security vulnerability exists in the MiCODUS MV720 GPS tracker that originates from an authenticated, insecure direct object reference vulnerability in the main web server on the endpoint and POST parameter "Device ID" that accepts an...

6.5CVSS7.6AI score0.00866EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2021/06/03 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-46850

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the vsftplicense parameter when sending HTTP POST requests to the /edit/server endpoint...

7.2CVSS7.4AI score0.05241EPSS
Exploits1References1
OSV
OSV
added 2021/04/30 5:29 p.m.62 views

GHSA-QGCG-P3V2-9H4P Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can...

6.5CVSS6.5AI score0.10214EPSS
Exploits0References2
CNVD
CNVD
added 2018/11/28 12:0 a.m.3 views

ShowDoc Cross-Site Request Forgery Vulnerability

ShowDoc is an online document sharing tool. A cross-site request forgery vulnerability exists in server/index.php?s=/api/teamMember/save URL in ShowDoc version 2.4.2. A remote attacker can exploit this vulnerability to add a new user to a team...

6.5CVSS6.5AI score0.00447EPSS
Exploits1References1
CNVD
CNVD
added 2018/01/22 12:0 a.m.52 views

GitStack Server User Add Vulnerability

GitStack is a Windows-based version control system. A security vulnerability exists in GitStack 2.3.10 and earlier versions, which stems from the program's failure to adequately filter user input. The vulnerability can be exploited to add a user to the server by sending the username and password...

9.8CVSS7AI score0.80982EPSS
Exploits9References1
Hacker One
Hacker One
added 2015/11/12 12:57 p.m.61 views

QIWI: XML External Entity (XXE) in qiwi.com + waf bypass

While testing tax payment service, I found that your server endpoint https://qiwi.com/order/external/multiple.action is vulnerable to XML External Entity Attack. Despite server doesn’t response with any information, attacker can still use out-of-band XXE technique to read arbitrary files on serve...

1.5AI score
Exploits0
CNVD
CNVD
added 2015/04/14 12:0 a.m.3 views

IBM Security SiteProtector System Local Elevation of Privilege Vulnerability

IBM Security SiteProtector System is a centralized management system that unifies the management and analysis of network, server and endpoint security agents. A local elevation of privilege vulnerability exists in IBM Security SiteProtector System. This vulnerability could be exploited to allow a...

7CVSS6.7AI score0.00327EPSS
Exploits0References1
NVD
NVD
added 2014/02/12 4:50 a.m.30 views

CVE-2014-0257

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via 1 a crafted web site or 2 a crafted .NET Framework application that exposes a COM serve...

9.3CVSS7.3AI score0.69801EPSS
Exploits6References7
Prion
Prion
added 2014/02/12 4:50 a.m.34 views

Design/Logic Flaw

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via 1 a crafted web site or 2 a crafted .NET Framework application that exposes a COM serve...

9.3CVSS7.9AI score0.69801EPSS
Exploits6References7Affected Software1
Microsoft KB
Microsoft KB
added 1970/01/01 12:0 a.m.16 views

Azure File Sync Agent v14 Release – October 2021

None None...

5.8AI score
Exploits0
Microsoft KB
Microsoft KB
added 1970/01/01 12:0 a.m.92 views

Azure File Sync Agent v9 Release – December 2019

None None...

5.8AI score
Exploits0
Rows per page
Query Builder