
399 matches found

Exploit DB
added 2023/05/05 12:0 a.m. | 391 views

Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)

Exploit Title: Wolf CMS 0.8.3.1 - Remote Code Execution (RCE); Date: 2023-05-02; Exploit Author: Ahmet Ümit BAYRAM; Vendor Homepage: https://wolf-cms.readthedocs.io; Software Link: https://github.com/wolfcms/wolfcms; Version: 0.8.3.1; Tested on: Kali Linux. Steps to Reproduce: Firstly, go to the "Files" ta...

7.4 AI score
Exploits 0
Packet Storm
added 2023/05/05 12:0 a.m. | 322 views

Wolf CMS 0.8.3.1 Shell Upload

Exploit Title: Wolf CMS 0.8.3.1 - Remote Code Execution (RCE); Date: 2023-05-02; Exploit Author: Ahmet Ümit BAYRAM; Vendor Homepage: https://wolf-cms.readthedocs.io; Software Link: https://github.com/wolfcms/wolfcms; Version: 0.8.3.1; Tested on: Kali Linux. Steps to Reproduce: Firstly, go to the "Files" ta...

7.1 AI score
Exploits 0
CNNVD
added 2023/04/15 12:0 a.m. | 3 views

LilyPond Code Injection Vulnerability

LilyPond is an open source music sculpting software. A security vulnerability exists in LilyPond 0.3.0 and earlier versions, which stems from a remote code execution vulnerability that can be exploited by an attacker to execute arbitrary Scheme or shell code by generating sheet music containing...

9.8 CVSS | 9.4 AI score | 0.2453 EPSS
Exploits 1 | References 6
CVE
added 2023/04/15 12:0 a.m. | 51 views

CVE-2020-29007

The CVE-2020-29007 entry concerns MediaWiki’s Score extension up to version 0.3.0, where the vulnerability arises from improper sandboxing of the GNU LilyPond executable. This allows any user with article-edit capability—potentially unauthenticated users—to trigger remote code execution by crafti...

9.8 CVSS | 9.7 AI score | 0.2453 EPSS
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2023/04/15 12:0 a.m. | 13 views

CVE-2020-29007

The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles potentially including unauthenticated anonymous users to execute arbitrary Scheme or shell cod...

9.9 AI score | 0.2453 EPSS
Exploits 1 | References 5
Exploit DB
added 2023/03/30 12:0 a.m. | 269 views

4images 1.9 - Remote Command Execution (RCE)

Exploit Title: 4images 1.9 - Remote Command Execution (RCE); Exploit Author: Andrey Stoykov; Software Link: https://www.4homepages.de/download-4images; Version: 1.9; Tested on: Ubuntu 20.04. To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Selec...

7.4 AI score
Exploits 0
Prion
added 2023/03/15 11:15 p.m. | 11 views

Command injection

A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer...

5.8 CVSS | 7.4 AI score | 0.01103 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2023/03/15 12:0 a.m. | 46 views

CVE-2023-28460

CVE-2023-28460 affects Array Networks APV products. A command injection vulnerability allows a remote attacker, after admin authentication, to send a crafted packet and achieve arbitrary shell code execution. Impact is described as high with network access and requires admin privileges. Remediati...

7.2 CVSS | 7.3 AI score | 0.01103 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2023/03/15 12:0 a.m. | 11 views

CVE-2023-28460

A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer...

7.5 AI score | 0.01103 EPSS
Exploits 0 | References 1
CNNVD
added 2023/03/15 12:0 a.m. | 1 views

Array Networks APV products Command Injection Vulnerability

Array Networks APV products are a family of array load balancing and application delivery products from Array Networks, Inc. that provide the availability, scalability, performance, security, and control necessary to keep applications running in their power band. A security vulnerability exists in...

7.2 CVSS | 7.6 AI score | 0.01103 EPSS
Exploits 0 | References 2
Vulnrichment
added 2023/03/15 12:0 a.m. | 6 views

CVE-2023-28460

A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer...

7.3 AI score | 0.01103 EPSS
Exploits 0 | References 1
CNVD
added 2023/02/20 12:0 a.m. | 8 views

Fortinet FortiADC Command Injection Vulnerability

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. Fortinet FortiADC suffers from a command injection vulnerability, which stems from an improper neutralization of special elements used in os commands, that can be exploited by an attacker to execute arbitrary shell code a...

7.8 CVSS | 7.9 AI score | 0.00605 EPSS
Exploits 0 | References 1
NVD
added 2023/02/16 7:15 p.m. | 15 views

CVE-2022-27482

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as root via CLI commands...

7.8 CVSS | 8 AI score | 0.00605 EPSS
Exploits 0 | References 1
NVD
added 2023/02/16 7:15 p.m. | 14 views

CVE-2022-30303

An improper neutralization of special elements used in an os command 'OS Command Injection' CWE-78 in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...

8.8 CVSS | 9 AI score | 0.01317 EPSS
Exploits 0 | References 1
Prion
added 2023/02/16 7:15 p.m. | 14 views

Command injection

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as root via CLI commands...

4.3 CVSS | 8 AI score | 0.00605 EPSS
Exploits 0 | References 1 | Affected Software 1
Prion
added 2023/02/16 7:15 p.m. | 13 views

Command injection

An improper neutralization of special elements used in an os command 'OS Command Injection' CWE-78 in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...

6.5 CVSS | 8.9 AI score | 0.01317 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2023/02/16 6:6 p.m. | 13 views

CVE-2022-27482

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as root via CLI commands...

7.8 CVSS | 8.2 AI score | 0.00605 EPSS
Exploits 0 | References 1
CVE
added 2023/02/16 6:6 p.m. | 39 views

CVE-2022-27482

Fortinet FortiADC is affected by CVE-2022-27482 due to improper neutralization of special elements in OS commands, enabling local attackers to run arbitrary shell code as root via CLI. Affected versions span 7.0.0–7.0.1, 6.2.0–6.2.2, 6.1.0–6.1.6, 6.0.x, and 5.x.x. The underlying issue is an OS co...

7.8 CVSS | 7.9 AI score | 0.00605 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2023/02/16 6:5 p.m. | 7 views

CVE-2022-30303

An improper neutralization of special elements used in an os command 'OS Command Injection' CWE-78 in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...

8.8 CVSS | 7.7 AI score | 0.01317 EPSS
Exploits 0 | References 1
Fortinet
added 2023/02/16 12:0 a.m. | 29 views

FortiWeb - OS command injection in Web GUI

An improper neutralization of special elements used in an os command 'OS Command Injection' CWE-78 in FortiWeb may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...

6.5 CVSS | 8.9 AI score | 0.01317 EPSS
Exploits 0 | Affected Software 1