Lucene search
K

4305 matches found

Saint
Saint
•added 2021/11/24 12:0 a.m.•65 views

GitLab ExifTool uploaded image command injection

Added: 11/24/2021 Background GitLab is an open-source software development platform with built-in version control and issue tracking. Problem A remote attacker can execute arbitrary commands by uploading a specially crafted image to GitLab, which executes injected Perl code when ExifTool parses...

8.2AI score
Exploits0
Saint
Saint
•added 2021/10/21 12:0 a.m.•143 views

Apache HTTP Server path traversal

Added: 10/21/2021 Background Apache HTTP Server is an HTTP server implementation for Linux and Windows. Problem A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. Resolution Upgrade to Apache HTTP Server 2.4.5...

8.2AI score
Exploits0
Saint
Saint
•added 2021/10/21 12:0 a.m.•374 views

Apache HTTP Server path traversal

Added: 10/21/2021 Background Apache HTTP Server is an HTTP server implementation for Linux and Windows. Problem A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. Resolution Upgrade to Apache HTTP Server 2.4.5...

1.1AI score
Exploits0
Saint
Saint
•added 2021/10/21 12:0 a.m.•53 views

Apache HTTP Server path traversal

Added: 10/21/2021 Background Apache HTTP Server is an HTTP server implementation for Linux and Windows. Problem A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. Resolution Upgrade to Apache HTTP Server 2.4.5...

8.2AI score
Exploits0
Saint
Saint
•added 2021/09/28 12:0 a.m.•84 views

Microsoft Azure Open Management Infrastructure remote command execution

Added: 09/28/2021 Background Microsoft Azure Open Management Infrastructure is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. Problem A vulnerability in Open Management Infrastructure allows remote attackers to execute...

9.8CVSS8AI score0.99723EPSS
Exploits19
Saint
Saint
•added 2021/09/28 12:0 a.m.•214 views

Microsoft Azure Open Management Infrastructure remote command execution

Added: 09/28/2021 Background Microsoft Azure Open Management Infrastructure is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. Problem A vulnerability in Open Management Infrastructure allows remote attackers to execute...

7.5CVSS1.4AI score0.99723EPSS
Exploits19
Saint
Saint
•added 2021/09/28 12:0 a.m.•92 views

Microsoft Azure Open Management Infrastructure remote command execution

Added: 09/28/2021 Background Microsoft Azure Open Management Infrastructure is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. Problem A vulnerability in Open Management Infrastructure allows remote attackers to execute...

9.8CVSS8AI score0.99723EPSS
Exploits19
Saint
Saint
•added 2021/09/20 12:0 a.m.•141 views

Atlassian Confluence Server OGNL Remote Code Execution

Added: 09/20/2021 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Atlassian Confluence has an OGNL injection vulnerability that would allow an unauthenticated user to execute arbitrary code on a Confluence Server. Resolution Upgrade to Confluence...

2.9AI score
Exploits0
Saint
Saint
•added 2021/09/20 12:0 a.m.•62 views

Atlassian Confluence Server OGNL Remote Code Execution

Added: 09/20/2021 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Atlassian Confluence has an OGNL injection vulnerability that would allow an unauthenticated user to execute arbitrary code on a Confluence Server. Resolution Upgrade to Confluence...

8.6AI score
Exploits0
Saint
Saint
•added 2021/09/20 12:0 a.m.•46 views

Atlassian Confluence Server OGNL Remote Code Execution

Added: 09/20/2021 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Atlassian Confluence has an OGNL injection vulnerability that would allow an unauthenticated user to execute arbitrary code on a Confluence Server. Resolution Upgrade to Confluence...

8.6AI score
Exploits0
Saint
Saint
•added 2021/08/27 12:0 a.m.•268 views

Sophos UTM Webadmin remote command execution

Added: 08/27/2021 Background Sophos UTM is a network security appliance. Problem A vulnerability in the Webadmin interface allows remote attackers to execute arbitrary commands by sending a specially crafted POST request. Resolution Upgrade to Sophos SG UTM v9.511 MR11, v9.607 MR7, or v9.705 MR5 ...

10CVSS9.9AI score0.96693EPSS
Exploits9
Saint
Saint
•added 2021/08/27 12:0 a.m.•463 views

Sophos UTM Webadmin remote command execution

Added: 08/27/2021 Background Sophos UTM is a network security appliance. Problem A vulnerability in the Webadmin interface allows remote attackers to execute arbitrary commands by sending a specially crafted POST request. Resolution Upgrade to Sophos SG UTM v9.511 MR11, v9.607 MR7, or v9.705 MR5 ...

3.6AI score0.96693EPSS
Exploits9
Saint
Saint
•added 2021/08/27 12:0 a.m.•115 views

Sophos UTM Webadmin remote command execution

Added: 08/27/2021 Background Sophos UTM is a network security appliance. Problem A vulnerability in the Webadmin interface allows remote attackers to execute arbitrary commands by sending a specially crafted POST request. Resolution Upgrade to Sophos SG UTM v9.511 MR11, v9.607 MR7, or v9.705 MR5 ...

10CVSS9.9AI score0.96693EPSS
Exploits9
Saint
Saint
•added 2021/07/28 12:0 a.m.•191 views

Aruba Instant command execution

Added: 07/28/2021 Background Aruba Instant is a controllerless wi-fi solution. Problem The combination of several different vulnerabilities in Aruba Instant could allow remote attackers to execute arbitrary commands by sending specially crafted web requests. Resolution Upgrade to Aruba Instant...

5.4AI score
Exploits0
Saint
Saint
•added 2021/07/28 12:0 a.m.•162 views

Aruba Instant command execution

Added: 07/28/2021 Background Aruba Instant is a controllerless wi-fi solution. Problem The combination of several different vulnerabilities in Aruba Instant could allow remote attackers to execute arbitrary commands by sending specially crafted web requests. Resolution Upgrade to Aruba Instant...

8.4AI score
Exploits0
Saint
Saint
•added 2021/07/28 12:0 a.m.•47 views

Aruba Instant command execution

Added: 07/28/2021 Background Aruba Instant is a controllerless wi-fi solution. Problem The combination of several different vulnerabilities in Aruba Instant could allow remote attackers to execute arbitrary commands by sending specially crafted web requests. Resolution Upgrade to Aruba Instant...

8.4AI score
Exploits0
Saint
Saint
•added 2021/06/23 12:0 a.m.•244 views

WebSVN search command execution

Added: 06/23/2021 Background WebSVN is a web interface for Subversion repositories. Problem A command injection vulnerability allows remote unauthenticated attackers to execute arbitrary commands by sending a specially crafted search request. Resolution Upgrade to WebSVN 2.6.1 or higher. Referenc...

10CVSS10AI score0.86716EPSS
Exploits9
Saint
Saint
•added 2021/06/23 12:0 a.m.•194 views

WebSVN search command execution

Added: 06/23/2021 Background WebSVN is a web interface for Subversion repositories. Problem A command injection vulnerability allows remote unauthenticated attackers to execute arbitrary commands by sending a specially crafted search request. Resolution Upgrade to WebSVN 2.6.1 or higher. Referenc...

10CVSS5AI score0.86716EPSS
Exploits9
Saint
Saint
•added 2021/06/23 12:0 a.m.•108 views

WebSVN search command execution

Added: 06/23/2021 Background WebSVN is a web interface for Subversion repositories. Problem A command injection vulnerability allows remote unauthenticated attackers to execute arbitrary commands by sending a specially crafted search request. Resolution Upgrade to WebSVN 2.6.1 or higher. Referenc...

10CVSS10AI score0.86716EPSS
Exploits9
Saint
Saint
•added 2021/05/24 12:0 a.m.•195 views

ZeroShell kerbynet remote command execution

Added: 05/24/2021 Background Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...

2.3AI score
Exploits0
Saint
Saint
•added 2021/05/24 12:0 a.m.•197 views

ZeroShell kerbynet remote command execution

Added: 05/24/2021 Background Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...

8.7AI score
Exploits0
Saint
Saint
•added 2021/05/24 12:0 a.m.•30 views

ZeroShell kerbynet remote command execution

Added: 05/24/2021 Background Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...

8.7AI score
Exploits0
Saint
Saint
•added 2021/04/09 12:0 a.m.•95 views

Google Chrome SimplifiedLowering bug

Added: 04/09/2021 Background Google Chrome is a web browser application available for multiple platforms. Problem A bug in the SimplifiedLowering function can potentially lead to a heap overflow which can be exploited to execute arbitrary commands when a user opens a malicious web page. Resolutio...

8.2AI score
Exploits0
Saint
Saint
•added 2021/04/09 12:0 a.m.•120 views

Google Chrome SimplifiedLowering bug

Added: 04/09/2021 Background Google Chrome is a web browser application available for multiple platforms. Problem A bug in the SimplifiedLowering function can potentially lead to a heap overflow which can be exploited to execute arbitrary commands when a user opens a malicious web page. Resolutio...

0.1AI score
Exploits0
Saint
Saint
•added 2021/04/09 12:0 a.m.•43 views

Google Chrome SimplifiedLowering bug

Added: 04/09/2021 Background Google Chrome is a web browser application available for multiple platforms. Problem A bug in the SimplifiedLowering function can potentially lead to a heap overflow which can be exploited to execute arbitrary commands when a user opens a malicious web page. Resolutio...

8.2AI score
Exploits0
Saint
Saint
•added 2021/03/19 12:0 a.m.•1331 views

Microsoft Exchange Server ProxyLogon vulnerability

Added: 03/19/2021 Background Microsoft Exchange is an e-mail server for Microsoft Windows operating systems. Problem A server-side request forgery vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary commands. Resolution Apply the patch referenced in Microsoft Advisory...

7.5CVSS0.9AI score0.99999EPSS
Exploits63
Saint
Saint
•added 2021/03/19 12:0 a.m.•485 views

Microsoft Exchange Server ProxyLogon vulnerability

Added: 03/19/2021 Background Microsoft Exchange is an e-mail server for Microsoft Windows operating systems. Problem A server-side request forgery vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary commands. Resolution Apply the patch referenced in Microsoft Advisory...

9.8CVSS10AI score0.99999EPSS
Exploits63
Saint
Saint
•added 2021/03/19 12:0 a.m.•679 views

Microsoft Exchange Server ProxyLogon vulnerability

Added: 03/19/2021 Background Microsoft Exchange is an e-mail server for Microsoft Windows operating systems. Problem A server-side request forgery vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary commands. Resolution Apply the patch referenced in Microsoft Advisory...

9.8CVSS10AI score0.99999EPSS
Exploits63
Saint
Saint
•added 2021/02/25 12:0 a.m.•116 views

VMware VCenter Server file upload

Added: 02/25/2021 Background VMware VCenter Server is server management software for controlling VMware VSphere environments. Problem A vulnerability in VMware VCenter Server allows remote, unauthenticated attackers to upload files to arbitrary locations on the server, leading to command executio...

8AI score
Exploits0
Saint
Saint
•added 2021/02/25 12:0 a.m.•211 views

VMware VCenter Server file upload

Added: 02/25/2021 Background VMware VCenter Server is server management software for controlling VMware VSphere environments. Problem A vulnerability in VMware VCenter Server allows remote, unauthenticated attackers to upload files to arbitrary locations on the server, leading to command executio...

1.1AI score
Exploits0
Saint
Saint
•added 2021/02/25 12:0 a.m.•27 views

VMware VCenter Server file upload

Added: 02/25/2021 Background VMware VCenter Server is server management software for controlling VMware VSphere environments. Problem A vulnerability in VMware VCenter Server allows remote, unauthenticated attackers to upload files to arbitrary locations on the server, leading to command executio...

8AI score
Exploits0
Saint
Saint
•added 2021/02/03 12:0 a.m.•126 views

Apache Struts forced OGNL evaluation

Added: 02/03/2021 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigation Language OGNL to...

8.3AI score
Exploits0
Saint
Saint
•added 2021/02/03 12:0 a.m.•230 views

Apache Struts forced OGNL evaluation

Added: 02/03/2021 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigation Language OGNL to...

1.9AI score
Exploits0
Saint
Saint
•added 2021/02/03 12:0 a.m.•29 views

Apache Struts forced OGNL evaluation

Added: 02/03/2021 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigation Language OGNL to...

8.3AI score
Exploits0
Saint
Saint
•added 2021/01/08 12:0 a.m.•108 views

Solaris SunSSH libpam buffer overflow

Added: 01/08/2021 Background SunSSH is a fork of OpenSSH for Solaris. It provides remote login capability on Solaris platforms. Problem A buffer overflow vulnerability in libpam could allow a remote attacker to execute arbitrary commands by sending a specially crafted authentication request to...

1.8AI score
Exploits0
Saint
Saint
•added 2021/01/08 12:0 a.m.•97 views

Solaris SunSSH libpam buffer overflow

Added: 01/08/2021 Background SunSSH is a fork of OpenSSH for Solaris. It provides remote login capability on Solaris platforms. Problem A buffer overflow vulnerability in libpam could allow a remote attacker to execute arbitrary commands by sending a specially crafted authentication request to...

8.8AI score
Exploits0
Saint
Saint
•added 2021/01/08 12:0 a.m.•64 views

Solaris SunSSH libpam buffer overflow

Added: 01/08/2021 Background SunSSH is a fork of OpenSSH for Solaris. It provides remote login capability on Solaris platforms. Problem A buffer overflow vulnerability in libpam could allow a remote attacker to execute arbitrary commands by sending a specially crafted authentication request to...

8.8AI score
Exploits0
Saint
Saint
•added 2020/12/22 12:0 a.m.•124 views

Atlassian Crowd pdkinstall arbitrary plugin installation

Added: 12/22/2020 Background Atlassian Crowd is a single sign-on solution for Atlassian products. Problem Atlassian Crowd and Crowd Data Center incorrectly enabled the pdkinstall development plugin, allowing attackers to install arbitrary plugins, leading to remote code execution. Resolution...

8.3AI score
Exploits0
Saint
Saint
•added 2020/12/22 12:0 a.m.•178 views

Atlassian Crowd pdkinstall arbitrary plugin installation

Added: 12/22/2020 Background Atlassian Crowd is a single sign-on solution for Atlassian products. Problem Atlassian Crowd and Crowd Data Center incorrectly enabled the pdkinstall development plugin, allowing attackers to install arbitrary plugins, leading to remote code execution. Resolution...

2.2AI score
Exploits0
Saint
Saint
•added 2020/12/22 12:0 a.m.•47 views

Atlassian Crowd pdkinstall arbitrary plugin installation

Added: 12/22/2020 Background Atlassian Crowd is a single sign-on solution for Atlassian products. Problem Atlassian Crowd and Crowd Data Center incorrectly enabled the pdkinstall development plugin, allowing attackers to install arbitrary plugins, leading to remote code execution. Resolution...

8.3AI score
Exploits0
Saint
Saint
•added 2020/11/27 12:0 a.m.•660 views

Apache Struts double OGNL evaluation

Added: 11/27/2020 CVE: CVE-2019-0230 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigatio...

7.5CVSS9.8AI score0.97399EPSS
Exploits15
Saint
Saint
•added 2020/11/27 12:0 a.m.•229 views

Apache Struts double OGNL evaluation

Added: 11/27/2020 CVE: CVE-2019-0230 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigatio...

9.8CVSS9.8AI score0.97399EPSS
Exploits15
Saint
Saint
•added 2020/11/27 12:0 a.m.•63 views

Apache Struts double OGNL evaluation

Added: 11/27/2020 CVE: CVE-2019-0230 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigatio...

9.8CVSS9.8AI score0.97399EPSS
Exploits15
Saint
Saint
•added 2020/10/28 12:0 a.m.•247 views

inoERP form personalization module command execution

Added: 10/28/2020 Background inoERP is an open source web based enterprise management system. Problem A vulnerability in the formpersonalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the templatecode parameter. Resolution No fix is available at...

3.2AI score
Exploits0
Saint
Saint
•added 2020/10/28 12:0 a.m.•121 views

inoERP form personalization module command execution

Added: 10/28/2020 Background inoERP is an open source web based enterprise management system. Problem A vulnerability in the formpersonalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the templatecode parameter. Resolution No fix is available at...

8.2AI score
Exploits0
Saint
Saint
•added 2020/10/28 12:0 a.m.•36 views

inoERP form personalization module command execution

Added: 10/28/2020 Background inoERP is an open source web based enterprise management system. Problem A vulnerability in the formpersonalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the templatecode parameter. Resolution No fix is available at...

8.2AI score
Exploits0
Saint
Saint
•added 2020/09/25 12:0 a.m.•1007 views

Microsoft SQL Server Reporting Services 2016 ViewState deserialization vulnerability

Added: 09/25/2020 CVE: CVE-2020-0618 Background Microsoft SQL Server Reporting Services is a set of tools and services for creating, deploying, and managing mobile and paginated reports. Problem A deserialization vulnerability in Microsoft SQL Server Reporting Services 2016 allows a remote,...

9.8CVSS8.7AI score0.99022EPSS
Exploits14
Saint
Saint
•added 2020/09/25 12:0 a.m.•1795 views

Microsoft SQL Server Reporting Services 2016 ViewState deserialization vulnerability

Added: 09/25/2020 CVE: CVE-2020-0618 Background Microsoft SQL Server Reporting Services is a set of tools and services for creating, deploying, and managing mobile and paginated reports. Problem A deserialization vulnerability in Microsoft SQL Server Reporting Services 2016 allows a remote,...

6.5CVSS8.6AI score0.99022EPSS
Exploits14
Saint
Saint
•added 2020/09/25 12:0 a.m.•1036 views

Microsoft SQL Server Reporting Services 2016 ViewState deserialization vulnerability

Added: 09/25/2020 CVE: CVE-2020-0618 Background Microsoft SQL Server Reporting Services is a set of tools and services for creating, deploying, and managing mobile and paginated reports. Problem A deserialization vulnerability in Microsoft SQL Server Reporting Services 2016 allows a remote,...

9.8CVSS8.7AI score0.99022EPSS
Exploits14
Saint
Saint
•added 2020/09/02 12:0 a.m.•344 views

vBulletin subWidgets command execution

Added: 09/02/2020 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem An incomplete fix for a previously reported vulnerability allows a remote attacker to execute arbitrary commands by sending a POST request for the widgettabbedcontainertabpane...

1.6AI score
Exploits0
Total number of security vulnerabilities4305