Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2012/02/11 12:0 a.m.•135 views

Telnetd Encryption Key ID Code Execution

Added: 02/11/2012 CVE: CVE-2011-4862 BID: 51182 OSVDB: 78020 Background Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection. Problem The flaw is caused due to a...

10CVSS7AI score0.95104EPSS
Exploits19
Saint
Saint
•added 2008/07/23 12:0 a.m.•135 views

Sun Java Web Start JNLP file j2se element heap-size buffer overflow

Added: 07/23/2008 CVE: CVE-2008-3111 BID: 30148 OSVDB: 46959 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A buffer overflow vulnerability in Sun Java Web Start allows command execution when the us...

10CVSS8.9AI score0.04267EPSS
Exploits4
Saint
Saint
•added 2026/01/26 12:0 a.m.•134 views

Cisco Unified Communications Manager command injection

Added: 01/26/2026 Background Cisco Unified Communications Manager is a product suite for managing voice and video communication and messaging. Problem A command injection vulnerability in multiple Cisco communications products could allow a remote attacker to execute arbitrary commands. Resolutio...

6AI score
Exploits0
Saint
Saint
•added 2019/10/24 12:0 a.m.•134 views

Joomla Object Injection

Added: 10/24/2019 Background Joomla is a content management system written in PHP. Problem An object injection vulnerability in Joomla could allow a remote, unauthenticated attacker to execute arbitrary commands on the server. This vulnerability has been nicknamed "Rusty Joomla". Resolution Upgra...

8.3AI score
Exploits0
Saint
Saint
•added 2019/11/25 12:0 a.m.•133 views

Cisco Prime Infrastructure Health Monitor tar file directory traversal

Added: 11/25/2019 CVE: CVE-2019-1821 BID: 108339 Background Cisco Prime Infrastructure is a management system of wireless and wired networks. Problem A vulnerability in Cisco Prime Infrastructure Health Monitor allows a remote attacker to execute arbitrary commands by uploading a specially crafte...

10CVSS9.5AI score0.98092EPSS
Exploits12
Saint
Saint
•added 2012/05/15 12:0 a.m.•133 views

PHP CGI Query String Parameters Command Execution

Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...

7.5CVSS10AI score0.99998EPSS
Exploits42
Saint
Saint
•added 2012/03/26 12:0 a.m.•133 views

Apache Struts 2 ParametersInterceptor OGNL Command Injection

Added: 03/26/2012 CVE: CVE-2011-3923 BID: 51628 OSVDB: 78109 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...

7.5CVSS9.7AI score0.88829EPSS
Exploits16
Saint
Saint
•added 2005/12/22 12:0 a.m.•132 views

MySQL MaxDB WebTools special character buffer overflow

Added: 12/22/2005 CVE: CVE-2005-0684 BID: 13368 OSVDB: 15816 Background MaxDB is a SAP-certified open-source database developed by MySQL. The WebTools component offers a set of database tools which are accessible from a web browser. The wahttp program listens on port 9999 and processes HTTP...

10CVSS7AI score0.68504EPSS
Exploits7
Saint
Saint
•added 2022/05/20 12:0 a.m.•130 views

Zyxel Firewall SetWanPortSt command injection

Added: 05/20/2022 Background Zyxel Firewalls are a business solution providing protection from malware and unauthorized access. Problem Zyxel USG FLEX, ATP series, and VPN series firewalls are affected by a vulnerability in the SetWanPortSt command which could allow an attacker to inject arbitrar...

7.3AI score
Exploits0
Saint
Saint
•added 2012/05/15 12:0 a.m.•129 views

PHP CGI Query String Parameters Command Execution

Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...

9.8CVSS10AI score0.99998EPSS
Exploits42
Saint
Saint
•added 2026/01/26 12:0 a.m.•128 views

telnetd argument injection vulnerability

Added: 01/26/2026 Background The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon, telnetd. Problem The telnetd program included in GNU Inetutils allows authentication to be bypassed with a ...

9.8CVSS5.5AI score0.98871EPSS
Exploits62
Saint
Saint
•added 2025/12/11 12:0 a.m.•128 views

React Server Components deserialization vulnerability

Added: 12/11/2025 Background React is a Javascript library for building user interfaces. React Server Components are React components designed for running on web servers. Problem A deserialization vulnerability in React Server Components allows a remote attacker to execute arbitrary commands by...

7.8AI score
Exploits0
Saint
Saint
•added 2025/08/27 12:0 a.m.•128 views

Citrix Session Recording deserialization vulnerability

Added: 08/27/2025 CVE: CVE-2024-8069 Background Citrix Session Recording is software for recording and archiving sessions for retrieval and playback. Problem Unsafe object deserialization in Citrix Session Recording could allow a remote attacker to execute arbitrary commands by sending a speciall...

8CVSS7.7AI score0.14736EPSS
Exploits2
Saint
Saint
•added 2025/07/02 12:0 a.m.•128 views

WingFTP username null byte command execution

Added: 07/02/2025 Background Wing FTP Server is free FTP server software for Windows, Linux, and Mac OS. Problem A command injection vulnerability allows a remote unauthenticated attacker to execute arbitrary commands by sending a username with a null byte in a login request. Resolution Upgrade t...

8.8AI score
Exploits0
Saint
Saint
•added 2024/11/20 12:0 a.m.•128 views

PAN-OS management interface authentication bypass

Added: 11/20/2024 CVE: CVE-2024-0012 Background Palo Alto Networks firewall provides policy-based visibility and control over applications, users and threats. Problem An authentication bypass vulnerability combined with a command injection vulnerability in the PAN-OS management interface allows...

9.8CVSS8.8AI score0.99698EPSS
Exploits18
Saint
Saint
•added 2022/08/30 12:0 a.m.•128 views

Zimbra Collaboration Suite mboximport path traversal

Added: 08/30/2022 Background Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem A path traversal vulnerability in the mboximport function could allow a remote attacker to create arbitrary JSP files within the web document root, leading to command...

7.8AI score
Exploits0
Saint
Saint
•added 2014/11/20 12:0 a.m.•128 views

ShellShock DHCP Server

Added: 11/20/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background Bash is vulnerable to command injection using environment variables. When an application takes user input and uses setenv a malicious actor is able to execute commands on the target in the security context of the running...

10CVSS10AI score0.99999EPSS
Exploits132
Saint
Saint
•added 2025/01/03 12:0 a.m.•127 views

Four-Faith Router adjust_sys_time command injection

Added: 01/03/2025 Background Four Faith F3x24 is a wifi industrial router. F3x36 is an LTE wireless router. Problem A default password and command injection vulnerability in the adjustsystime function in the F3x24 and F3x36 routers could allow an attacker to execute arbitrary commands. Resolution...

7.2CVSS8.2AI score0.82192EPSS
Exploits4
Saint
Saint
•added 2022/07/18 12:0 a.m.•127 views

Red Hat JBoss Enterprise Application Platform Remoting Unified Invoker command execution

Added: 07/18/2022 Background Red Hat JBoss Enterprise Application Platform is an open source platform for highly transactional, web-scale Java applications. Problem A remote, unauthenticated attacker can execute arbitary commands on the server by sending a specially crafted serialized object to t...

7.8AI score
Exploits0
Saint
Saint
•added 2012/05/15 12:0 a.m.•127 views

PHP CGI Query String Parameters Command Execution

Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...

7.5CVSS10AI score0.99998EPSS
Exploits42
Saint
Saint
•added 2026/01/23 12:0 a.m.•126 views

Oracle HTTP Server and Weblogic Proxy Plug-in vulnerability

Added: 01/23/2026 Background Oracle HTTP Server is the web server component for Oracle Fusion Middleware. Problem A vulnerability in Oracle HTTP Server and Weblogic Proxy Plug-in could allow a remote attacker to execute arbitrary commands by requesting a specially crafted path which allows...

6.3AI score
Exploits0
Saint
Saint
•added 2021/02/03 12:0 a.m.•126 views

Apache Struts forced OGNL evaluation

Added: 02/03/2021 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigation Language OGNL to...

8.3AI score
Exploits0
Saint
Saint
•added 2009/04/29 12:0 a.m.•126 views

Microsoft SQL Server spreplwritetovarbin Buffer Overflow

Added: 04/29/2009 CVE: CVE-2008-5416 BID: 32710 OSVDB: 50917 Background Microsoft SQL Server is a database server package for Windows platforms. Problem A buffer overflow vulnerability in the spreplwritetovarbin stored procedure allows remote, authenticated attackers to execute arbitrary commands...

9CVSS10AI score0.87036EPSS
Exploits12
Saint
Saint
•added 2005/12/08 12:0 a.m.•126 views

FreeFTPd user name buffer overflow

Added: 12/08/2005 CVE: CVE-2005-3683 BID: 15457 OSVDB: 20909 Background FreeFTPd is a free FTP/FTPS/SFTP server for Windows platforms. Problem An unauthenticated remote attacker could execute arbitrary commands by sending a long, specially crafted argument to the USER command. Resolution Upgrade ...

7.5CVSS7.5AI score0.71506EPSS
Exploits8
Saint
Saint
•added 2025/04/11 12:0 a.m.•125 views

Langflow /api/v1/validate/code command injection

Added: 04/11/2025 CVE: CVE-2025-3248 Background Langflow is a low-code tool for building AI agents and workflows. Problem A command injection vulnerability in the /api/v1/validate/code API endpoint could allow a remote unauthenticated attacker to execute arbitrary commands by sending a specially...

9.8CVSS8.8AI score0.9999EPSS
Exploits33
Saint
Saint
•added 2026/01/26 12:0 a.m.•124 views

Cisco Unified Communications Manager command injection

Added: 01/26/2026 Background Cisco Unified Communications Manager is a product suite for managing voice and video communication and messaging. Problem A command injection vulnerability in multiple Cisco communications products could allow a remote attacker to execute arbitrary commands. Resolutio...

6.2AI score
Exploits0
Saint
Saint
•added 2026/01/21 12:0 a.m.•124 views

Control Web Panel key parameter command injection

Added: 01/21/2026 Background Control Web Panel is a web hosting panel for Linux. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted key parameter. Resolution Upgrade to Control Web Panel 0.9.8.1209 or higher. References...

6AI score
Exploits0
Saint
Saint
•added 2020/12/22 12:0 a.m.•124 views

Atlassian Crowd pdkinstall arbitrary plugin installation

Added: 12/22/2020 Background Atlassian Crowd is a single sign-on solution for Atlassian products. Problem Atlassian Crowd and Crowd Data Center incorrectly enabled the pdkinstall development plugin, allowing attackers to install arbitrary plugins, leading to remote code execution. Resolution...

8.3AI score
Exploits0
Saint
Saint
•added 2009/08/14 12:0 a.m.•124 views

Microsoft Office Web Components OWC.Spreadsheet.9 HTMLURL property overflow

Added: 08/14/2009 CVE: CVE-2009-1534 BID: 35992 OSVDB: 56916 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A buffer overflow vulnerability in the OWC.Spreadsheet.9 ActiveX control allows command execution when a user loads a web...

9.3CVSS6.8AI score0.5161EPSS
Exploits8
Saint
Saint
•added 2022/10/31 12:0 a.m.•123 views

VMware Cloud Foundation XStream Deserialization

Added: 10/31/2022 Background VMware Cloud Foundation is a hybrid cloud platform. Problem An XStream deserialization vulnerability in the NSM Manager component of VMware Cloud Foundation NSX-V allows a remote attacker to execute arbitrary commands. Resolution Apply the patch referenced in...

8AI score
Exploits0
Saint
Saint
•added 2022/06/06 12:0 a.m.•123 views

Atlassian Confluence Server OGNL injection

Added: 06/06/2022 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Atlassian Confluence has an OGNL injection vulnerability that could allow an unauthenticated user to execute arbitrary code on a Confluence Server. Resolution Upgrade to Confluence...

8.6AI score
Exploits0
Saint
Saint
•added 2012/12/24 12:0 a.m.•123 views

Apple QuickTime TeXML Style Element Buffer Overflow

Added: 12/24/2012 CVE: CVE-2012-3752 BID: 56557 OSVDB: 87087 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime 7.7.2 and earlier is vulnerable to remote code execution due to a failure to perform appropriate boundary checking. A remote attacker who...

9.3CVSS7.5AI score0.36014EPSS
Exploits9
Saint
Saint
•added 2019/05/02 12:0 a.m.•122 views

Oracle WebLogic Server deserialization remote code execution

Added: 05/02/2019 CVE: CVE-2019-2725 BID: 108074 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in Web Services subcomponent, which allows...

9.8CVSS8.8AI score0.99964EPSS
Exploits35
Saint
Saint
•added 2013/03/04 12:0 a.m.•122 views

Java MBeanInstantiator findClass and Introspector Sandbox Escape

Added: 03/04/2013 CVE: CVE-2013-0431 BID: 57726 OSVDB: 89613 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS8.3AI score0.97612EPSS
Exploits44
Saint
Saint
•added 2025/12/19 12:0 a.m.•121 views

HPE OneView id-pools command execution

Added: 12/19/2025 Background HPE OneView is integrated IT infrastructure management software. Problem A vulnerability in the id-pools feature allow remote attackers to execute arbitrary commands by sending a PUT request to the executeCommand API endpoint. Resolution Apply the hotfix referenced in...

10CVSS5.9AI score0.89733EPSS
Exploits8
Saint
Saint
•added 2025/11/24 12:0 a.m.•121 views

Oracle Fusion Middleware Identity Manager authentication bypass

Added: 11/24/2025 Background Oracle Fusion Middleware is a platform for creating and running applications. Problem An authentication bypass vulnerability in the Identity Manager component allows remote attackers to execute arbitrary commands by appending ;.wadl to a URL. Resolution See Oracle Pat...

5.9AI score
Exploits0
Saint
Saint
•added 2025/02/28 12:0 a.m.•121 views

MITRE Caldera dynamic compilation command injection

Added: 02/28/2025 Background MITRE Caldera is a security platform for emulating adversaries. Problem The dynamic compilation functionality in the Manx and Sandcat agents is affected by an injection vulnerability which could allow remote command execution. Resolution Upgrade to Caldera 5.1.0 or...

10CVSS7.7AI score0.23813EPSS
Exploits2
Saint
Saint
•added 2020/10/28 12:0 a.m.•121 views

inoERP form personalization module command execution

Added: 10/28/2020 Background inoERP is an open source web based enterprise management system. Problem A vulnerability in the formpersonalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the templatecode parameter. Resolution No fix is available at...

8.2AI score
Exploits0
Saint
Saint
•added 2018/11/20 12:0 a.m.•121 views

Dell OpenManage Network Manager MySQL vulnerability

Added: 11/20/2018 BID: 105912 Background Dell OpenManage Network Manager is a product for monitoring and managing network devices. Problem Dell OpenManage Network Manager runs the MySQL database service with root privileges and enables default database accounts, allowing a remote attacker to writ...

7.9AI score
Exploits0
Saint
Saint
•added 2014/09/26 12:0 a.m.•121 views

Bash environment variable code injection over HTTP

Added: 09/26/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Problem The Bash shell executes commands injected after function definitions contained in environment variables. This could be used by a...

10CVSS10AI score0.99999EPSS
Exploits132
Saint
Saint
•added 2008/07/23 12:0 a.m.•121 views

Sun Java Web Start JNLP file j2se element heap-size buffer overflow

Added: 07/23/2008 CVE: CVE-2008-3111 BID: 30148 OSVDB: 46959 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A buffer overflow vulnerability in Sun Java Web Start allows command execution when the us...

10CVSS8.9AI score0.04267EPSS
Exploits4
Saint
Saint
•added 2006/12/18 12:0 a.m.•121 views

Oracle MD2 component SDO_CODE_SIZE buffer overflow

Added: 12/18/2006 CVE: CVE-2004-1774 BID: 10871 OSVDB: 9867 Background Oracle Database is a relational database solution available for multiple platforms. Problem A buffer overflow in the SDOCODESIZE function in the MD2 component of Oracle Database allows remote attackers to execute arbitrary...

7.2CVSS9.8AI score0.02672EPSS
Exploits5
Saint
Saint
•added 2025/05/23 12:0 a.m.•120 views

MagicINFO SWUpdateFileUploader remote command execution

Added: 05/23/2025 CVE: CVE-2025-4632 Background MagicINFO is digital signage software from Samsung. Problem A path traversal, unsafe file upload, and missing authentication vulnerability allows remote, unauthenticated attackers to upload arbitrary files to the server and then execute them using a...

9.8CVSS8AI score0.23953EPSS
Exploits4
Saint
Saint
•added 2021/04/09 12:0 a.m.•120 views

Google Chrome SimplifiedLowering bug

Added: 04/09/2021 Background Google Chrome is a web browser application available for multiple platforms. Problem A bug in the SimplifiedLowering function can potentially lead to a heap overflow which can be exploited to execute arbitrary commands when a user opens a malicious web page. Resolutio...

0.1AI score
Exploits0
Saint
Saint
•added 2014/11/20 12:0 a.m.•120 views

ShellShock DHCP Server

Added: 11/20/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background Bash is vulnerable to command injection using environment variables. When an application takes user input and uses setenv a malicious actor is able to execute commands on the target in the security context of the running...

10CVSS10AI score0.99999EPSS
Exploits132
Saint
Saint
•added 2008/03/10 12:0 a.m.•120 views

MySQL yaSSL SSL Hello message buffer overflow

Added: 03/10/2008 CVE: CVE-2008-0226 BID: 27140 OSVDB: 41935 Background MySQL is an open-source database software package available for multiple platforms. yaSSL is an SSL library. MySQL, if SSL support is enabled, uses yaSSL by default. Problem A buffer overflow vulnerability in the...

7.5CVSS7.3AI score0.91602EPSS
Exploits13
Saint
Saint
•added 2026/01/21 12:0 a.m.•119 views

Control Web Panel key parameter command injection

Added: 01/21/2026 Background Control Web Panel is a web hosting panel for Linux. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted key parameter. Resolution Upgrade to Control Web Panel 0.9.8.1209 or higher. References...

6.2AI score
Exploits0
Saint
Saint
•added 2020/02/27 12:0 a.m.•119 views

Moxa AWK-3131A iw_console privilege escalation vulnerability

Added: 02/27/2020 CVE: CVE-2019-5136 Background Moxa AWK-3131A is a 3-in-1 industrial wireless AP/bridge/client device. Problem A privilege escalation vulnerability exists in the iwconsole functionality where a specially crafted menu selection string can cause an escape from the restricted consol...

9CVSS9AI score0.02479EPSS
Exploits4
Saint
Saint
•added 2014/12/03 12:0 a.m.•119 views

Linux kernel futex_requeue privilege elevation

Added: 12/03/2014 CVE: CVE-2014-3153 BID: 67906 OSVDB: 107752 Background The futex system call in Linux provides a mechanism for user-space locking. Problem A vulnerability in the Linux kernel allows an unprivileged user to gain root access using a specially crafted futexrequeue call. Resolution...

7.8CVSS7.2AI score0.37233EPSS
Exploits15
Saint
Saint
•added 2014/11/05 12:0 a.m.•119 views

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...

10CVSS10AI score0.99999EPSS
Exploits132
Total number of security vulnerabilities4305