Lucene search
K

123 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-7632

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00589EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:18 p.m.6 views

CVE-2023-7309

A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform also referred to as the Dahua Smart Campus Integrated Management Platform, affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated remote attackers to upload arbitrary files ...

10CVSS8.3AI score0.00758EPSS
Exploits0References1
NVD
NVD
added 2025/08/27 10:15 p.m.10 views

CVE-2023-7309

A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform also referred to as the Dahua Smart Campus Integrated Management Platform, affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated remote attackers to upload arbitrary files ...

10CVSS0.00758EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.6 views

PT-2025-34938 · Dahua · Dahua Smart Campus Integrated Management Platform +1

Name of the Vulnerable Software and Affected Versions: Dahua Smart Park Integrated Management Platform also referred to as the Dahua Smart Campus Integrated Management Platform affected versions not specified Description: A path traversal vulnerability exists in the SOAP-based GIS bitmap upload...

10CVSS7.7AI score0.00758EPSS
Exploits0References8
OSV
OSV
added 2025/06/23 4:15 p.m.5 views

CVE-2023-47032

Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function...

9.8CVSS6.1AI score0.00704EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:6 p.m.11 views

CVE-2021-20175

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface port 5000 is sent via HTTP, which causes potentially sensitive information such as usernames and passwords to be...

7.5CVSS6.5AI score0.00589EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:6 p.m.16 views

CVE-2021-20173

Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values...

8.8CVSS7.5AI score0.03199EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.168 views

Atlassian Crowd XML Entity Expansion Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Crowd XML Entity Expansion Remote File Access', 'Description' = %q This module simply attempts to read a remote file from the server...

9.1CVSS7.4AI score0.66578EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.160 views

SAP Management Console Brute Force

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Management Console Brute Force', 'Description' = %q This module simply attempts to brute force the username and password for the SAP Manageme...

7.4AI score
Exploits0
OSV
OSV
added 2024/05/03 2:15 a.m.6 views

CVE-2023-34282

D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this...

8.8CVSS5.8AI score0.01108EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/05/03 2:15 a.m.4 views

CVE-2023-34280

D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability...

8CVSS6.2AI score0.0176EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/05/03 2:15 a.m.4 views

CVE-2023-34280

D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability...

8CVSS6.2AI score0.0176EPSS
Exploits0References1
OSV
OSV
added 2024/05/03 2:15 a.m.5 views

CVE-2023-34275

D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the...

8CVSS6.2AI score0.0176EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/05/03 2:15 a.m.6 views

CVE-2023-34278

D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

8CVSS6.2AI score0.0176EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/05/03 2:15 a.m.12 views

CVE-2023-34276

D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

8CVSS6.2AI score0.0176EPSS
Exploits0References2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2024/02/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-7309

A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform also referred to as the Dahua Smart Campus Integrated Management Platform, affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated remote attackers to upload arbitrary...

10CVSS5.8AI score0.00758EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/12/01 12:0 a.m.6 views

The vulnerability of the iControl SOAP interface for access control and remote authentication in BIG-IP allows a perpetrator to execute arbitrary code.

The vulnerability of the iControl SOAP interface for access control and remote authentication in BIG-IP involves the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

8.5CVSS8.5AI score0.72646EPSS
Exploits0References2Affected Software12
Rapid7 Blog
Rapid7 Blog
added 2023/02/01 3:57 p.m.85 views

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

While following up our previous work on F5's BIG-IP devices, Rapid7 found an additional vulnerability in the appliance-mode REST interface; the vulnerability was assigned CVE-2023-22374. We reported it to F5 on December 6, 2022, and are now disclosing it in accordance with our vulnerability...

0.3AI score0.87987EPSS
Exploits9
CNVD
CNVD
added 2022/01/03 12:0 a.m.26 views

Netgear Nighthawk R6700 Command Injection Vulnerability

The Netgear Nighthawk R6700 is a wireless router from Netgear, Inc. A command injection vulnerability exists in the Netgear Nighthawk R6700, which stems from the fact that the product supports update checking via the soap interface and can be injected with a pre-set value. No details of the...

8.8CVSS2AI score0.03199EPSS
Exploits1References1
NVD
NVD
added 2021/12/30 10:15 p.m.19 views

CVE-2021-20175

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface port 5000 is sent via HTTP, which causes potentially sensitive information such as usernames and passwords to be...

7.5CVSS0.00589EPSS
Exploits0References1
Rows per page
Query Builder