Lucene search
+L

187 matches found

Positive Technologies
Positive Technologies
added 2023/04/04 12:0 a.m.5 views

PT-2023-21336 · Wondershare · Wondershare Pdf Reader

Name of the Vulnerable Software and Affected Versions: Wondershare Technology Co.,Ltd PDF Reader version 1.0.1 Description: An issue in Wondershare Technology Co.,Ltd PDF Reader allows a remote attacker to execute arbitrary commands via the pdfreader setup full13143.exe file. Recommendations: For...

7.8CVSS8AI score0.00433EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.3 views

SUSE CVE-2009-1151

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...

9.8CVSS7.8AI score0.95438EPSS
Exploits16References4
Snyk
Snyk
added 2022/10/21 11:59 a.m.4 views

Malicious Package

Overview ceedee is a malicious package. This is a "dependency confusion" package, which means the package name is based on existing repositories, namespaces, or components, it aims to trick users into downloading the package which contains a malicious code. This package exfiltrates user data such...

9.8CVSS6.7AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/02/22 12:0 a.m.11 views

The vulnerability of the setup.php configuration file of the universal monitoring system Zabbix, related to authentication errors, allows a intruder to modify the configuration parameters.

The vulnerability of the setup.php configuration file of the Zabbix monitoring system is related to authentication errors. Exploiting this vulnerability allows a malicious actor to modify the configuration parameters remotely...

5.3CVSS7AI score0.84657EPSS
Exploits1References8Affected Software6
UbuntuCve
UbuntuCve
added 2022/01/13 4:15 p.m.34 views

CVE-2022-23134

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...

5.3CVSS7AI score0.84657EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/01/13 3:50 p.m.15 views

CVE-2022-23134 Possible view of the setup pages by unauthenticated users if config file already exists

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...

3.7CVSS5.8AI score0.84657EPSS
Exploits1References4
OSV
OSV
added 2021/09/17 8:15 p.m.5 views

CVE-2021-41383

setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntpserver field...

7.2CVSS7.3AI score0.01601EPSS
Exploits1References1
OSV
OSV
added 2020/08/06 5:15 p.m.5 views

CVE-2020-7817

MyBrowserPlus downloads the files needed to run the program through the setup file Setup.inf. At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files...

7.8CVSS7.2AI score0.0028EPSS
Exploits0References2
CNVD
CNVD
added 2018/09/28 12:0 a.m.5 views

Circontrol CirCarLife Information Disclosure Vulnerability (CNVD-2018-20063)

Circontrol CirCarLife is a parking lot automation system from Circontrol, Spain. A security vulnerability exists in Circontrol CirCarLife versions prior to 4.3, which originates from the program storing sensitive information elements in JSON format in the /services/system/setup.json file. An...

6.5CVSS7.5AI score0.0172EPSS
Exploits5References1
CNVD
CNVD
added 2018/06/25 12:0 a.m.4 views

TP-Link TL-WA850RE Remote Arbitrary Code Execution Vulnerability

The TP-Link TL-WA850RE is a wireless extender. A remote arbitrary code execution vulnerability exists in the TP-Link TL-WA850RE Wi-Fi Range Extender using TL-WA850RE v5 firmware. A remote attacker can exploit this vulnerability by sending the 'wpssetuppin' parameter with shell metacharacters to t...

8.8CVSS9.2AI score0.29144EPSS
Exploits1References1
CNVD
CNVD
added 2017/07/13 12:0 a.m.6 views

Setup file of advance preparation untrusted search path vulnerability

Setup file of advance preparation is an installation file for a series of software released by the National Tax Agency NTA of Japan. An untrusted search path vulnerability exists in the Setup file of advance preparation installer. An attacker can exploit this vulnerability to gain privileges via ...

7.8CVSS7.9AI score0.01128EPSS
Exploits0References1
Prion
Prion
added 2017/07/07 1:29 p.m.12 views

Design/Logic Flaw

Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software WEB version 1.17.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

6.8CVSS7.7AI score0.01109EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/07/07 1:29 p.m.12 views

CVE-2017-2226

Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software WEB version 1.17.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

7.8CVSS7.8AI score0.01109EPSS
Exploits0References2
NVD
NVD
added 2017/07/07 1:29 p.m.16 views

CVE-2017-2215

Untrusted search path vulnerability in Installer of "Setup file of advance preparation" jizensetup.exe The version which was available on the website prior to 2017 June 12 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

7.8CVSS7.7AI score0.01128EPSS
Exploits0References3
CVE
CVE
added 2017/07/07 1:0 p.m.48 views

CVE-2017-2215

The CVE-2017-2215 entry concerns the Installer for the National Tax Agency’s "Setup file of advance preparation" (jizen_setup.exe). Connected sources confirm an untrusted DLL search path vulnerability in the installer, which could allow arbitrary code execution with the privileges of the invoking...

7.8CVSS7.7AI score0.01128EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/07/07 1:0 p.m.44 views

CVE-2017-2226

CVE-2017-2226 concerns a DLL search-path vulnerability in the Setup file of the National Tax Agency’s e-Tax software (WEB version). The installer for versions up to 1.17.0/1.17.1 insecurely loads dynamic libraries from an unspecified directory, enabling arbitrary code execution when a user runs t...

7.8CVSS7.7AI score0.01109EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/07/07 1:0 p.m.21 views

CVE-2017-2215

Untrusted search path vulnerability in Installer of "Setup file of advance preparation" jizensetup.exe The version which was available on the website prior to 2017 June 12 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

7.7AI score0.01128EPSS
Exploits0References3
CNVD
CNVD
added 2016/12/21 12:0 a.m.4 views

Shield Spirit Public Promotion System setup.php has a reinstallation vulnerability

Shield Spirit public number promotion system is mainly applied to public number promotion affiliate. A reinstallation vulnerability exists in Shield Spirit Public Promotion System setup.php. As the program fails to validate the installation, an attacker can reinstall the system by exploiting the...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2009/04/01 12:0 a.m.21 views

Koschtit Image Gallery 1.82 Local File Inclusion

:local file include: script: koschtitimagegalleryv1.82 download from:http://koschtit..tabere.net/download/ or http://koschtit.tabere.net/en/getit vul:/kibase/kimakepic.php ifisset$GET'file' $file = "../kigalleries/".$GET'file'; else exit; $gallery = substr$GET'file', 0, strpos$GET'file', "/";...

0.1AI score
Exploits0
OSV
OSV
added 2009/03/26 2:30 p.m.3 views

DEBIAN-CVE-2009-1151

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...

9.8CVSS9.3AI score0.95438EPSS
Exploits16References1
Rows per page
Query Builder