Lucene search
K

306 matches found

Zero Day Initiative
Zero Day Initiative
added 2024/10/23 12:0 a.m.11 views

VMware HCX listExtensions SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware HCX. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the listExtensions method. The issue results from the lack of proper...

8.8CVSS7.7AI score0.14672EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/09/11 12:0 a.m.7 views

Ivanti Endpoint Manager loadModuleTable SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the loadModuleTable method. The issue results from the lack of...

7.2CVSS7.7AI score0.24005EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/21 4:14 p.m.16 views

CVE-2024-5723 Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability

Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateServiceHost...

8.8CVSS8.9AI score0.40669EPSS
Exploits0References1
CNVD
CNVD
added 2024/07/19 12:0 a.m.6 views

LG Simple Editor Remote Code Execution Vulnerability (CNVD-2024-33681)

LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from a remote code execution vulnerability that is caused by not properly validating a user-supplied string before executing a...

9.8CVSS7.8AI score0.0196EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/07/18 12:0 a.m.15 views

NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getSortString method. The issue results from the lack of prope...

8.8CVSS7.8AI score0.01862EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.26 views

(Pwn2Own) Silicon Labs Gecko OS Debug Interface Format String Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper...

4.3CVSS6.6AI score0.00379EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.15 views

(Pwn2Own) Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDMwemCmdCreatSHA256Hash function. The issue results from the lack...

6.8CVSS7.5AI score0.01026EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2024/06/10 12:0 a.m.10 views

Centreon updateServiceHost_MC SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateServiceHostMC function. The issue results from the lack of proper validation of a...

8.8CVSS8.1AI score0.19187EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2024/05/29 12:0 a.m.23 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 Filename Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

6.8CVSS7.6AI score0.01265EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/24 12:0 a.m.15 views

Ivanti Endpoint Manager GetDBPatchProducts SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the GetDBPatchProducts method. The issue results from the...

9.8CVSS8.1AI score0.71685EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/24 12:0 a.m.26 views

Ivanti Endpoint Manager RecordGoodApp SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the RecordGoodApp method. The issue results from the lack ...

9.8CVSS8.1AI score0.99951EPSS
Exploits5References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/24 12:0 a.m.21 views

Ivanti Endpoint Manager GetLogFileRulesNameUniqueSQL SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetLogFileRulesNameUniqueSQL method. The issue results from the lack of proper...

7.2CVSS8.1AI score0.08484EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/24 12:0 a.m.19 views

Ivanti Endpoint Manager GetLogFileRulesSQL SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetLogFileRulesSQL method. The issue results from the lack of proper validation ...

7.2CVSS8.1AI score0.08233EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/24 12:0 a.m.28 views

Ivanti Endpoint Manager GetRulesetsSQL SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetRulesetsSQL method. The issue results from the lack of proper validation of a...

7.2CVSS8.1AI score0.08484EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/24 12:0 a.m.16 views

Ivanti Endpoint Manager RecordBrokenApp SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the RecordBrokenApp method. The issue results from the lac...

9.8CVSS8.1AI score0.99877EPSS
Exploits0References1
CVE
CVE
added 2024/05/23 9:29 p.m.134 views

CVE-2024-5291

CVE-2024-5291 affects D-Link DIR-2150. The vulnerability resides in the SOAP API interface listening on TCP port 80, where insufficient validation of a user-supplied string before executing a system call allows network-adjacent attackers to achieve remote code execution in the router context (roo...

8.8CVSS9.2AI score0.01966EPSS
Exploits0References1Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2024/05/19 12:0 a.m.27 views

(Pwn2Own) QNAP TS-464 Netmgr Endpoint CRLF Injection Arbitrary Configuration Update Vulnerability

This vulnerability allows remote attackers to create arbitrary configurations on affected installations of QNAP TS-464 NAS devices. An attacker must first obtain the ability to access the device's localhost interface, which can be accomplished using a malicious TURN server. The specific flaw exis...

7.4CVSS6.6AI score0.00419EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/19 12:0 a.m.55 views

(Pwn2Own) QNAP TS-464 authLogin SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the authLogin...

8.8CVSS7.8AI score0.18677EPSS
Exploits0References1
NVD
NVD
added 2024/05/03 3:16 a.m.15 views

CVE-2023-51595

Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...

9.8CVSS9.9AI score0.48168EPSS
Exploits0References1
NVD
NVD
added 2024/05/03 3:15 a.m.33 views

CVE-2023-41227

D-Link DIR-3040 prog.cgi SetTriggerPPPoEValidate Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

6.8CVSS7.1AI score0.00705EPSS
Exploits0References2
Rows per page
Query Builder