Lucene search
+L

131 matches found

OSV
OSV
added 2023/05/16 7:17 p.m.7 views

MGASA-2023-0167 Updated connman packages fix security vulnerability

client.c in gdhcp in ConnMan could be used by network-adjacent attackers operating a crafted DHCP server to cause a stack-based buffer overflow and denial of service, terminating the connman process. CVE-2023-28488...

6.5CVSS6.3AI score0.00964EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.7 views

Motorola SmartPTT SCADA 安全漏洞

Motorola SmartPTT SCADA is an integrated voice and data scheduling software application from Motorola USA. A security vulnerability exists in Motorola SmartPTT SCADA version 1.1.0.0. An attacker could exploit the vulnerability by writing a malicious C script and executing code on the server...

7.2CVSS7.2AI score0.02106EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2023/02/22 12:0 a.m.9 views

CVE-2023-22974

A Path Traversal in setup.php in OpenEMR 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server...

7.4AI score0.01892EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2022/12/02 11:9 a.m.61 views

Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers

A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was...

10CVSS2AI score0.9967EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2022/11/27 12:0 a.m.33 views

Debian dla-3208 : libvarnishapi-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3208 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3208-1 [email protected]...

7.5CVSS7.3AI score0.02106EPSS
Exploits0References6
OSV
OSV
added 2022/10/13 3:15 a.m.8 views

CVE-2022-42902

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...

8.8CVSS8.9AI score
Exploits0References4
OSV
OSV
added 2022/09/16 7:26 p.m.30 views

GHSA-9XGJ-FCGF-X6MW Poetry Argument Injection can lead to Local Code Execution

Observation When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are being constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoids Command Injection...

8.6CVSS7.8AI score0.01413EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2022/09/07 7:15 p.m.28 views

CVE-2022-36069

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...

7.3CVSS7.1AI score0.01413EPSS
Exploits1References4
OSV
OSV
added 2022/09/07 7:15 p.m.27 views

PYSEC-2022-266

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...

7.3CVSS1.5AI score0.01413EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/09/07 6:30 p.m.29 views

CVE-2022-36069 Poetry Argument Injection vulnerability can lead to local Code Execution

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...

7.3CVSS8AI score0.01413EPSS
Exploits1References4
CVE
CVE
added 2022/07/01 1:16 p.m.73 views

CVE-2014-3648

The CVE-2014-3648 issue concerns the simplepush server, where notifications are pushed for each registered installation using a deviceToken supplied by the user. The vulnerability arises because a bogus application can register with bad deviceTokens or point to arbitrary HTTP endpoints. This can ...

7.5CVSS7.5AI score0.00907EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2022/04/15 12:0 a.m.18 views

SAP BusinessObjects Business Intelligence Platform XML外部实体注入漏洞

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP Germany. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and enable...

8.1CVSS2.5AI score0.12476EPSS
Exploits4References1
Prion
Prion
added 2022/03/14 3:15 p.m.17 views

Unrestricted file upload

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...

6.5CVSS6.7AI score0.02484EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2022/03/14 2:51 p.m.34 views

CVE-2021-42171

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...

7AI score0.02484EPSS
Exploits5References3
CVE
CVE
added 2021/09/14 11:38 a.m.59 views

CVE-2021-36582

Kooboo CMS 2.1.1.0 is affected by a vulnerability that allows uploading a remote shell (aspx) to the server and then triggering it to receive a reverse shell from the victim server. The uploaded file is placed at /Content/Template/root/reverse-shell.aspx and can be invoked by visiting that URL. P...

10CVSS9.4AI score0.0147EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2021/06/02 12:0 a.m.5 views

Weak Password Vulnerability in Huazhou Private Cloud-CDN Live Streaming Acceleration Server

Shenzhen Huashimida Information Technology Co., Ltd. is a smart hotel IT service provider. A weak password vulnerability exists in the Huashi Private Cloud-CDN live streaming acceleration server, which can be exploited by attackers to obtain sensitive information...

6.9AI score
Exploits0
CNVD
CNVD
added 2021/04/08 12:0 a.m.9 views

WCMS Directory Traversal Vulnerability

WCMS is a content management system CMS that uses an open web interface to build websites. A directory traversal vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to read arbitrary files on the server running the application via the path parameter of wex/cssjs.php...

5.3CVSS6.7AI score0.01412EPSS
Exploits0References1
Gitee
Gitee
added 2020/12/04 9:14 a.m.41 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Sophos Unified_Threat_Management_Software

SSHTron SSHTron is a multiplayer lightcycle game that runs through SSH. 通过下面命令连接到游戏: $ ssh 192.168.1.111:2022 Controls: WASD or vim keybindings to move do not use your arrow keys. Escape or Ctrl+C to exit. Want to choose color yourself? 有7种颜色可供选择: Red, Green, Yellow, Blue, Magenta, Cyan and White...

8.1CVSS7.8AI score0.63468EPSS
Exploits3
Check Point Advisories
Check Point Advisories
added 2020/05/14 12:0 a.m.3 views

HTTP Host Header Injection

A host header injection is inserting both the carriage return and linefeed characters into user input to trick the server. Successful exploitation could allow attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...

3.5AI score
Exploits0
Packet Storm
Packet Storm
added 2020/05/05 12:0 a.m.106 views

PhreeBooks ERP 5.2.5 Remote Command Execution

Exploit Title: PhreeBooks ERP 5.2.5 - Remote Command Execution Date: 2020-05-01 Author: Besim ALTINOK Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: v5.2.4, v5.2.5 Tested on: Xampp Credit: İsmail BOZKURT...

0.1AI score
Exploits0
Rows per page
Query Builder