Lucene search
K

306 matches found

Zero Day Initiative
Zero Day Initiative
added 2023/04/14 12:0 a.m.24 views

Schneider Electric APC Easy UPS Online getMacAddressByIP Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getMacAddressByIP function. The issue results from the lack o...

9.8CVSS9.3AI score0.01223EPSS
Exploits0References1
NVD
NVD
added 2023/03/29 7:15 p.m.41 views

CVE-2022-43644

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on T...

8.8CVSS8.9AI score0.00962EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.21 views

CVE-2022-43645

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IVI plugin for the xupnpd service, which listens on TCP po...

8.8CVSS8.9AI score0.00962EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.35 views

CVE-2022-42433

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841NUSV14220121 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

8CVSS7.1AI score0.00603EPSS
Exploits0References1
NVD
NVD
added 2023/03/29 7:15 p.m.24 views

CVE-2022-42428

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

8.8CVSS8.1AI score0.0287EPSS
Exploits0References1
NVD
NVD
added 2023/03/29 7:15 p.m.15 views

CVE-2022-36976

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can levera...

9.8CVSS9.6AI score0.06534EPSS
Exploits0References2
Prion
Prion
added 2023/03/29 7:15 p.m.17 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044. The issue...

5.8CVSS8.8AI score0.00962EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/03/29 7:15 p.m.18 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044 by defaul...

5.8CVSS8.9AI score0.01091EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/29 7:15 p.m.15 views

Authentication flaw

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can...

7.5CVSS9.6AI score0.06534EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/29 7:15 p.m.18 views

Authentication flaw

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can...

7.5CVSS9.6AI score0.06534EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/03/29 12:0 a.m.43 views

CVE-2022-43646

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Vimeo plugin for the xupnpd service, which listens on TCP...

8.8CVSS9AI score0.00962EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/29 12:0 a.m.32 views

CVE-2022-43643

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Generic plugin for the xupnpd service, which listens on TC...

8.8CVSS9AI score0.01947EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/29 12:0 a.m.26 views

CVE-2022-43645

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IVI plugin for the xupnpd service, which listens on TCP po...

8.8CVSS9AI score0.00962EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/29 12:0 a.m.42 views

CVE-2022-43647

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044. The issue...

8.8CVSS9AI score0.00962EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/29 12:0 a.m.23 views

CVE-2022-43642

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the YouTube plugin for the xupnpd service, which listens on TC...

8.8CVSS9AI score0.00962EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2023/03/07 12:0 a.m.30 views

Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate...

7.8CVSS3.8AI score0.00321EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/01/31 12:0 a.m.40 views

Cacti poll_for_data Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cacti. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pollfordata function. The issue results from the lack of proper validation of a user-supplied...

9.8CVSS3.8AI score0.99826EPSS
Exploits48References1
Zero Day Initiative
Zero Day Initiative
added 2022/12/28 12:0 a.m.29 views

D-Link DIR-825/EE xupnpd YouTube Plugin Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the YouTube plugin for the xupnpd service, which listens on TCP port...

8.8CVSS4.1AI score0.00962EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/12/28 12:0 a.m.41 views

D-Link DIR-825/EE xupnpd Upload Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044. The issue result...

8.8CVSS4.5AI score0.00962EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/10/25 12:0 a.m.53 views

TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated...

6.4CVSS4AI score0.00603EPSS
Exploits0
Rows per page
Query Builder