19 matches found
CVE-2024-33344
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of uploadfirmware.cgi, which allows remote attackers to execute arbitrary commands via shell...
CVE-2024-33342
D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell...
CVE-2024-33342
D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell...
CVE-2024-33344
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of uploadfirmware.cgi, which allows remote attackers to execute arbitrary commands via shell...
CVE-2024-33343
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell...
Command injection
Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint...
GHSA-MHHF-VGWH-FW9H Passeo uses insecure random number generator
Impact: Everyone below v1.0.5 is impacted by this flaw; confidentiality is at risk because passwords can easily be guessed due to Passeo's use of the random library. It is recommended to change any passwords made with Passeo before v1.0.5 and upgrade to v1.0.5, and v1.0.5 patches...
Passeo uses insecure random number generator
Impact: Everyone below v1.0.5 is impacted by this flaw; confidentiality is at risk because passwords can easily be guessed due to Passeo's use of the random library. It is recommended to change any passwords made with Passeo before v1.0.5 and upgrade to v1.0.5, and v1.0.5 patches...
Denial of service
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails...
CVE-2021-40900
CVE-2021-40900 affects regexfn v1.0.5, where the isEmail validation can be abused by crafted invalid emails to trigger a ReDoS. Root cause: the regex handling allows excessive processing under certain inputs. Impact: potential application denial of service; CVSSv3.1 base score 7.5 (HIGH), network...
Denial of service
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls...
Security Bulletin: IBM Security Information Queue contains hard-coded credentials (CVE-2020-4283)
Summary: IBM Security Information Queue (ISIQ) stores the JSON web token (JWT) secret in plain text in one of its YAML files. As of v1.0.5, ISIQ generates an encrypted JWT secret during product configuration. Vulnerability Details: CVEID: CVE-2020-4283 DESCRIPTION: IBM Security Information Queue (ISIQ)...
CMSeeK v1.0.5 - CMS Detection And Exploitation Suite
What is a CMS? A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some notable examples are WordPress, Joomla, Drupal, etc. Release History - Version 1.0.5 19-07-2018 - Version 1.0.4...
Null pointer dereference
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's onunregisterhandler function resulting in denial of service...
CVE-2016-1000138
Reflected XSS in WordPress plugin indexisto v1.0.5...
Cross site scripting
Reflected XSS in WordPress plugin indexisto v1.0.5...
CVE-2016-1000138
Reflected XSS in WordPress plugin indexisto v1.0.5...
CVE-2016-1000138
The CVE-2016-1000138 entry relates to the WordPress indexisto plugin (v1.0.5 and earlier) with a reflected XSS vulnerability in the plugin’s indexisto component. The connected Nuclei template and related advisories confirm that the flaw allows an attacker to execute arbitrary browser-side script ...
Joomla component GBU FACEBOOK v1.0.5 parameter face_id SQL injection vulnerability
No description provided by source...