Lucene search
+L

54 matches found

Prion
Prion
added 2023/01/03 3:15 a.m.24 views

Command injection

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...

6.8CVSS9.2AI score0.01507EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/03 12:0 a.m.29 views

CVE-2022-46306 ChangingTec ServiSign - Path Traversal

ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files...

8.8CVSS8.9AI score0.00917EPSS
Exploits0References1
CVE
CVE
added 2023/01/03 12:0 a.m.51 views

CVE-2022-46306

CVE-2022-46306 affects ChangingTec ServiSign. The vulnerability is a path traversal caused by insufficient filtering of special characters in the DLL file path, enabling an unauthenticated attacker to host a malicious website that causes the component to load arbitrary DLL files, potentially enab...

8.8CVSS7.9AI score0.00917EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/03 12:0 a.m.12 views

CVE-2022-46306 ChangingTec ServiSign - Path Traversal

ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files...

8.8CVSS8.8AI score0.00917EPSS
Exploits0References1
Prion
Prion
added 2022/11/29 4:15 a.m.19 views

Code injection

A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the...

6CVSS8.2AI score0.00865EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/11/29 3:30 a.m.21 views

CVE-2022-41675 TEAM JOHNLONG SOFTWARE CO., LTD. MAILD Mail Server - Formula Injection

A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the...

8CVSS8.3AI score0.00865EPSS
Exploits0References1
NVD
NVD
added 2022/04/22 7:15 a.m.20 views

CVE-2022-26674

ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service...

9.8CVSS0.02597EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.20 views

Mitsubishi Electric GOT products (CVE-2021-20601)

Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote...

7.7AI score0.02282EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/11/23 2:42 p.m.41 views

CVE-2021-20601

Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote...

7.7AI score0.02282EPSS
Exploits0References3
Huntr
Huntr
added 2021/08/02 6:20 p.m.23 views

in frangoteam/fuxa

✍️ Description This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. 🕵️‍♂️ Proof of Concept fs.writeFileSyncruntime.settings.userSettingsFile, JSON.stringifyreq.body, null, 4; mergeUserSettingsreq.body; res.end; FIx Consider using a rate-limiting...

1.8AI score
Exploits0References1
Prion
Prion
added 2021/07/09 7:15 p.m.13 views

Information disclosure

In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation...

6CVSS6.1AI score0.00649EPSS
Exploits1References5Affected Software1
The Hacker News
The Hacker News
added 2021/03/01 10:11 a.m.8 views

Chinese Hackers Targeted India's Power Grid Amid Geopolitical Tensions

Amid heightened border tensions between India and China, cybersecurity researchers have revealed a concerted campaign against India's critical infrastructure, including the nation's power grid, from Chinese state-sponsored groups. The attacks, which coincided with the standoff between the two...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2020/12/29 5:55 p.m.23 views

CVE-2020-1848

There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185C00R2P1. Local attackers construct malicious application files, causing system applications to run abnormally...

5.4AI score0.00187EPSS
Exploits0References1
Fedora
Fedora
added 2012/02/25 8:34 a.m.24 views

[SECURITY] Fedora 16 Update: systemtap-1.7-2.fc16

SystemTap is an instrumentation system for systems running Linux. Developers can write instrumentation scripts to collect data on the operation of the system. The base systemtap package contains/requires the components needed to locally develop and execute systemtap scripts...

5.4CVSS3.2AI score0.0035EPSS
Exploits0
Rows per page
Query Builder