
1227 matches found

NVD
added 2020/11/30 6:15 p.m., 13 views

CVE-2020-29390

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...

10 CVSS, 9.8 AI score, 0.36672 EPSS
Exploits 1, References 1

Cvelist
added 2020/11/30 5:24 p.m., 16 views

CVE-2020-29390

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...

9.8 AI score, 0.36672 EPSS
Exploits 1, References 1

CNNVD
added 2020/11/24 12:00 a.m., 7 views

TotoLink A850r-v1 Security Vulnerability

TOTOLINK A850R-V1 is a wireless dual-band router. TOTOLINK A850R-V1 version 1.0.1-B20150707.1612 and F1-V2 version 1.1-B20150708.1646 contain a security vulnerability that could be exploited by attackers to execute remote code via the formSysCmd sysCmd parameter in the management interface to...

10 CVSS, 7.6 AI score, 0.04218 EPSS
Exploits 1, References 2

VulnCheck KEV
added 2020/10/14 12:00 a.m., 3 views

VulnCheck KEV: CVE-2018-13023

System command injection vulnerability in wifiaccess in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter...

9 CVSS, 7.4 AI score, 0.23955 EPSS
Exploits 1, References 1

OSV
added 2020/09/16 2:15 p.m., 17 views

CVE-2020-2276

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...

8.8 CVSS, 7.1 AI score
Exploits 0, References 2

Cvelist
added 2020/09/16 1:20 p.m., 26 views

CVE-2020-2276

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...

8.9 AI score, 0.01623 EPSS
Exploits 0, References 2

CVE
added 2020/09/16 1:20 p.m., 69 views

CVE-2020-2276

CVE-2020-2276 affects the Jenkins Selection tasks Plugin (version 1.0 and earlier). The issue allows attackers with Job/Configure permission to run an arbitrary system command on the Jenkins controller by executing a user-specified program, effectively substituting the OS user that the Jenkins pr...

9 CVSS, 8.8 AI score, 0.01623 EPSS
Exploits 0, References 2, Affected Software 1

NVD
added 2020/08/14 7:15 p.m., 12 views

CVE-2020-15692

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system...

10 CVSS, 9.5 AI score, 0.04205 EPSS
Exploits 1, References 4

Prion
added 2020/08/07 4:15 p.m., 11 views

Command injection

DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM syst...

9 CVSS, 8.4 AI score, 0.01368 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2020/08/07 3:53 p.m., 47 views

CVE-2020-11852

CVE-2020-11852 is a command-injection vulnerability in Micro Focus Secure Messaging Gateway (SMG) affecting the DKIM key management page. The issue allows a logged-in user with rights to generate DKIM key information to inject system commands into the DKIM system command call. Affected are SMG Ap...

9 CVSS, 8.4 AI score, 0.01368 EPSS
Exploits 0, References 1, Affected Software 1

NVD
added 2020/08/06 4:15 p.m., 22 views

CVE-2020-7352

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...

8.8 CVSS, 8.6 AI score, 0.03778 EPSS
Exploits 5, References 2

Cvelist
added 2020/08/06 3:45 p.m., 35 views

CVE-2020-7356 Cayin xPost SQL Injection

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinderseqid' in wayfindermeetinginput.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...

10 CVSS, 10 AI score, 0.14014 EPSS
Exploits 5, References 2

Cvelist
added 2020/08/06 3:45 p.m., 28 views

CVE-2020-7352 GOG Galaxy GalaxyClientService Privilege Escalation

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...

8.4 CVSS, 8.8 AI score, 0.03778 EPSS
Exploits 5, References 2

Check Point Advisories
added 2020/07/23 12:00 a.m., 4 views

Eaton Intelligent Power Manager system_srv Command Injection (CVE-2020-6651)

A command injection vulnerability exists in Eaton Intelligent Power Manager. The vulnerability is due to a lack of validation of a user-supplied string in requests handled by systemsrv.js before using it to execute a system command...

6 CVSS, 3.5 AI score, 0.02147 EPSS
Exploits 0

Zero Science Lab
added 2020/06/04 12:00 a.m., 122 views

Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution

Summary: CAYIN xPost is the web-based application software, which offers a combination of essential tools to create rich contents for digital signage in different vertical markets. It provides an easy-to-use platform for instant data entry and further extends the usage of CAYIN SMP players to meet...

10 CVSS, 7.6 AI score, 0.14014 EPSS
Exploits 5

CNVD
added 2020/06/04 12:00 a.m., 3 views

IBM Security Guardium OS Command Injection Vulnerability (CNVD-2020-32648)

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an operating system command injecti...

9 CVSS, 8 AI score, 0.03013 EPSS
Exploits 0, References 1

Positive Technologies
added 2020/06/03 12:00 a.m., 6 views

PT-2020-15410 · Jenkins · Jenkins Selenium Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Selenium Plugin versions 3.141.59 and earlier. Description: The issue concerns a lack of CSRF protection for HTTP endpoints in the Jenkins Selenium Plugin, allowing attackers to perform administrative actions. Specifically, this enable...

8 CVSS, 8.1 AI score, 0.00937 EPSS
Exploits 0, References 7

Cisco
added 2020/05/06 4:00 p.m., 26 views

Cisco Firepower Threat Defense Software Shell Access Vulnerability

A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the support tunnel feature...

6.7 CVSS, 6.5 AI score, 0.00305 EPSS
Exploits 0, References 1

Tenable Nessus
added 2020/04/27 12:00 a.m., 15 views

Fedora 30 : php (2020-96cb012029)

PHP version 7.3.17 16 Apr 2020 Core: - Fixed bug php79364 When copy empty array, next key is unspecified. cmb - Fixed bug php78210 Invalid pointer address. cmb, Nikita CURL: - Fixed bug php79199 curlcopyhandle memory leak. cmb Date: - Fixed bug php79396 DateTime hour incorrect during DST jump...

5.5 AI score
Exploits 0, References 1

CNVD
added 2020/04/17 12:00 a.m., 2 views

NETGEAR D3600, D6000 and XR500 OS Command Injection Vulnerability (CNVD-2020-27256)

NETGEAR XR500 and others are products of NETGEAR Corporation. NETGEAR XR500 is a wireless router. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem...

8 CVSS, 7.9 AI score, 0.00706 EPSS
Exploits 0, References 1