59522 matches found
CVE-2013-0322
Cross-site scripting XSS vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2021-33357
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the “iface” GET parameter in /ajax/networking/getnetcfg.php, when the “iface” parameter value contains special characters such as “;” which enables an unauthenticated attacker to execute arbitrary OS commands. Recent assessments: Assessed Attacker...
CVE-2016-10401
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known or a non-root default account exists within an ISP’s deployment of these devices. Recent assessments: Assessed Attacker Value: 0 Assesse...
CVE-2017-0199
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office/WordPad Remote Co...
CVE-2018-1000001
In glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
CVE-2021-27561
Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2013-3346
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721,...
CVE-2022-30023
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function...
Junos OS: SRX5000 series: Kernel crash (vmcore) upon receipt of a specific packet on fxp0 interface
Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart vmcore. By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service DoS. Affecte...
CVE-2024-48217
An Insecure Direct Object Reference IDOR in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2020-12720 vBulletin incorrect access control
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. Recent assessments: ccondon-r7 at June 11, 2020 5:05pm UTC reported: Vuln affects versions 5.0.0 to 5.5.4 and is weaponized in the form of a Metasploit module: Credit to Charles Fol for...
CVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. Recent assessments: cbeek-r7 at September 06, 2024 6:10pm UTC reported: On September 5th 2024, CISA released a security bulletin highlighting the...
CVE-2021-24074
Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24094. Recent assessments: bwatters-r7 at February 09, 2021 9:16pm UTC reported: This remains a spectacularly new vulnerability with little documentation associated with it beyond Microsoft’s blog here: In the...
Zimbra Collaboration Suite ProxyServlet SSRF
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. Recent assessments: jrobles-r7 at May 09, 2019 5:57pm UTC reported: Details According to the blog post A Saga of...
CVE-2023-5360
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. Recent assessments: jheysel-r7 at November 29, 2023 9:40pm UTC reported: The Royal...
CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS. Recent assessments: wvu-r7 at April 08, 2020 6:31pm UTC reported: A Metasploit module has been written:...
CVE-2020-0688 - Exchange Control Panel Viewstate Deserialization Bug
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka ‘Microsoft Exchange Memory Corruption Vulnerability’. Recent assessments: zeroSteiner at February 26, 2020 5:02pm UTC reported: This is a serialization bug...
CVE-2021-24370
The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2020-16898 aka Bad Neighbor / Ping of Death Redux
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an...
CVE-2017-12542
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 iLO 4 version prior to 2.53 was found. Recent assessments: noraj at March 06, 2022 8:11pm UTC reported: I found many many servers, during penetration testing, on corporate environment that have an integrate...
CVE-2024-4358
In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. Recent assessments: remmons-r7 at June 03, 2024 6:57pm UTC reported: So far,...
CVE-2022-22047
Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2017-12149
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code vi...
CVE-2023-21674
Windows Advanced Local Procedure Call ALPC Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2020-14883 — Authenticated RCE in Console component of Oracle WebLogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP...
CVE-2020-2555
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Caching,CacheStore,Invocation. Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 ...
CVE-2021-41349
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42305. Recent assessments: terminatordoink at November 19, 2021 2:40am UTC reported: Active POCs are already being shared and can be used to exploit vulnerable sharepoint servers Assessed Attacker Value: 0 Assess...
CVE-2022-21907
HTTP Protocol Stack Remote Code Execution Vulnerability...
CVE-2021-26419
Scripting Engine Memory Corruption Vulnerability Recent assessments: architect00 at May 14, 2021 10:33am UTC reported: Details The vulnerability affects Internet Explorer 11 on all Windows Versions. It is located in the jscript9.dll library, which is used to execute javascript. Possible attack...
CVE-2011-2189
net/core/netnamespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service memory consumption via requests to a daemon that requires a separate namespace...
CVE-2012-0158
The 1 ListView, 2 ListView2, 3 TreeView, and 4 TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1...
CVE-2022-26352
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous...
CVE-2019-2729
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2017-2345
On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition. Additionally, it ma...
CVE-2013-4878
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than...
CVE-2009-0545 — ZeroShell Remote Code Execution
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. Recent assessments: hrbrmstr at September 10, 2020 2:42pm UTC reported: MSF module — Assessed Attacker Value: 5...
CVE-2021-35211
Microsoft discovered a remote code execution RCE vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U...
CVE-2020-5135
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service DoS and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 versio...
Exim SMTP server RCE via base64d
Exim SMTP email server versions before 4.90 are vulnerable to remote code execution via a vulnerability in Base64 decoding. Recent assessments: asoto-r7 at June 25, 2019 6:25pm UTC reported: There are a few PoCs for this one. Exim is a bear to setup and I wouldn’t be shocked to find unpatched...
CVE-2010-1592
sandra.sys 15.18.1.1 and earlier in the Sandra Device Driver in SiSoftware Sandra 16.10.2010.1 and earlier allows local users to gain privileges or cause a denial of service system crash via unspecified vectors involving “Model-Specific Registers.” Recent assessments: Assessed Attacker Value: 0...
CVE-2021-26084 Confluence Server OGNL injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before...
CVE-2021-34473
Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: gwillcox-r7 at July 14, 2021 5:15pm UTC reported: From https://blog.talosintelligence.com/2021/07/microsoft-patch-tuesday-for-july-2021.html there was a note that this vulnerability seems to have been used in some...
CVE-2021-21978
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could uploa...
CVE-2023-24932
Secure Boot Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2022-0609
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: AmirFedida at February 15, 2022 8:23am UTC reported: Google is aware of reports that an exploit for CVE-2022-0609 exist...
CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...
CVE-2019-10655
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow via...
CVE-2017-7481
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2...
Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe vulnerabilities could allow an attacker to execute arbitrary co...