Lucene search
+L

306 matches found

zdi
zdi
added 2023/12/20 12:0 a.m.24 views

D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from...

8.8CVSS7.5AI score0.01187EPSS
Exploits0References1
zdi
zdi
added 2023/12/20 12:0 a.m.25 views

D-Link G416 nodered File Handling Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack...

8.8CVSS7.5AI score0.00916EPSS
Exploits0References1
zdi
zdi
added 2023/12/20 12:0 a.m.29 views

(0Day) Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the selectDeviceListBy method. The issue results from the lack of proper...

9.8CVSS8.1AI score0.48168EPSS
Exploits0
zdi
zdi
added 2023/12/20 12:0 a.m.14 views

(0Day) Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the selectEventConfig method. The issue results from the lack of proper...

9.8CVSS8.1AI score0.01331EPSS
Exploits0
zdi
zdi
added 2023/12/13 12:0 a.m.21 views

(0Day) OpenAI ChatGPT Improper Input Validation Model Policy Bypass Vulnerability

This vulnerability allows remote attackers to bypass policy restictions on affected versions of OpenAI ChatGPT. Authentication is required to exploit this vulnerability. The specific flaw exists within the interface to the ChatGPT-Vision Data model. The issue results from the lack of proper...

6.5CVSS6.9AI score
Exploits0
zdi
zdi
added 2023/12/05 12:0 a.m.42 views

SolarWinds Orion Platform VimChartInfo SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the VimChartInfo class. The issue results from the lack of proper validation of a...

8.8CVSS8.1AI score0.04814EPSS
Exploits0References1
zdi
zdi
added 2023/11/20 12:0 a.m.38 views

NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the clearAlertByIds function. The issue results from the lack of prop...

8.8CVSS7.8AI score0.52562EPSS
Exploits0References1
zdi
zdi
added 2023/11/15 12:0 a.m.24 views

Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resolveDistinguishedName method. The issue results from the lack of...

7.5CVSS6.3AI score0.01392EPSS
Exploits0References1
zdi
zdi
added 2023/11/15 12:0 a.m.20 views

Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetNewUserId method. The issue results from the lack of proper...

7.5CVSS7.1AI score0.01341EPSS
Exploits0References1
zdi
zdi
added 2023/10/04 12:0 a.m.37 views

Cacti graph_view SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication or escalate privileges on affected installations of Cacti. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the graphview endpoint. The iss...

8.8CVSS7.7AI score0.00857EPSS
Exploits1References1
zdi
zdi
added 2023/09/29 12:0 a.m.21 views

ManageEngine ADManager Plus installServiceWithCredentials Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine ADManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the installServiceWithCredentials function. The issue results from the lack of...

7.2CVSS7.4AI score0.11634EPSS
Exploits1References1
zdi
zdi
added 2023/08/24 12:0 a.m.30 views

(Pwn2Own) HP Color LaserJet Pro M479fdw NotifyTo Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the NotifyTo element. The issue results from th...

8.8CVSS7.4AI score0.01849EPSS
Exploits0References1
zdi
zdi
added 2023/07/05 12:0 a.m.30 views

Progress Software MOVEit Transfer UserProcessPassChangeRequest SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software MOVEit Transfer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the human.aspx endpoint. A crafted request can trigger execution of SQ...

9.8CVSS8AI score0.94716EPSS
Exploits0References1
zdi
zdi
added 2023/06/08 12:0 a.m.26 views

VMware Aria Operations for Networks exportPDF Code Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware Aria Operations for Networks. Authentication is required to exploit this vulnerability. The specific flaw exists within the exportPDF method. The issue results from the lack of proper...

6.5CVSS6.5AI score0.79258EPSS
Exploits0References1
zdi
zdi
added 2023/05/17 12:0 a.m.15 views

Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of setcertificatesconfig requests to the modTMMS endpoint. When...

7.2CVSS7.9AI score0.02425EPSS
Exploits0References1
zdi
zdi
added 2023/05/17 12:0 a.m.17 views

Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of deletecertvec requests to the modTMMS endpoint. When parsing the ...

7.2CVSS7.9AI score0.01721EPSS
Exploits0References1
zdi
zdi
added 2023/05/17 12:0 a.m.34 views

(Pwn2Own) Lexmark MC3224i fax_change_faxtrace_setting Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the faxchangefaxtracesettings script. The issue results from the lack...

8.8CVSS7.3AI score0.37835EPSS
Exploits4References1
zdi
zdi
added 2023/05/15 12:0 a.m.37 views

D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP A...

6.8CVSS7.4AI score0.0176EPSS
Exploits0References1
zdi
zdi
added 2023/05/15 12:0 a.m.38 views

D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP A...

6.8CVSS7.4AI score0.0176EPSS
Exploits0References1
zdi
zdi
added 2023/05/01 12:0 a.m.41 views

(Pwn2Own) NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of specific SOAP requests. The issue results from the lack ...

8.8CVSS7.7AI score0.00877EPSS
Exploits0References1
Rows per page
Query Builder