Lucene search
K

4305 matches found

Saint
Saint
•added 2020/09/02 12:0 a.m.•261 views

vBulletin subWidgets command execution

Added: 09/02/2020 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem An incomplete fix for a previously reported vulnerability allows a remote attacker to execute arbitrary commands by sending a POST request for the widgettabbedcontainertabpane...

8.3AI score
Exploits0
Saint
Saint
•added 2020/09/02 12:0 a.m.•31 views

vBulletin subWidgets command execution

Added: 09/02/2020 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem An incomplete fix for a previously reported vulnerability allows a remote attacker to execute arbitrary commands by sending a POST request for the widgettabbedcontainertabpane...

8.3AI score
Exploits0
Saint
Saint
•added 2020/08/13 12:0 a.m.•249 views

Aruba ClearPass Policy Manager tipsSimulationUpload command execution

Added: 08/13/2020 CVE: CVE-2020-7115 Background Aruba ClearPass is a network access control solution. Problem A vulnerability in the tipsSimulationUpload.action resource allows remote attackers to execute arbitrary commands by uploading a shared object library in the uploadClientCertFile paramete...

10CVSS9.9AI score0.64596EPSS
Exploits8
Saint
Saint
•added 2020/08/13 12:0 a.m.•238 views

Aruba ClearPass Policy Manager tipsSimulationUpload command execution

Added: 08/13/2020 CVE: CVE-2020-7115 Background Aruba ClearPass is a network access control solution. Problem A vulnerability in the tipsSimulationUpload.action resource allows remote attackers to execute arbitrary commands by uploading a shared object library in the uploadClientCertFile paramete...

10CVSS9.8AI score0.64596EPSS
Exploits8
Saint
Saint
•added 2020/08/13 12:0 a.m.•46 views

Aruba ClearPass Policy Manager tipsSimulationUpload command execution

Added: 08/13/2020 CVE: CVE-2020-7115 Background Aruba ClearPass is a network access control solution. Problem A vulnerability in the tipsSimulationUpload.action resource allows remote attackers to execute arbitrary commands by uploading a shared object library in the uploadClientCertFile paramete...

10CVSS9.9AI score0.64596EPSS
Exploits8
Saint
Saint
•added 2020/07/29 12:0 a.m.•157 views

Ruby on Rails local names command execution

Added: 07/29/2020 CVE: CVE-2020-8163 Background Ruby on Rails is a web application framework written in Ruby. Problem Rails applications that allow users to control the names of local variable are affected by a vulnerability that could allow a remote attacker to execute arbitrary commands...

6.5CVSS8.8AI score0.83085EPSS
Exploits10
Saint
Saint
•added 2020/07/29 12:0 a.m.•136 views

Ruby on Rails local names command execution

Added: 07/29/2020 CVE: CVE-2020-8163 Background Ruby on Rails is a web application framework written in Ruby. Problem Rails applications that allow users to control the names of local variable are affected by a vulnerability that could allow a remote attacker to execute arbitrary commands...

8.8CVSS8.8AI score0.83085EPSS
Exploits10
Saint
Saint
•added 2020/07/29 12:0 a.m.•49 views

Ruby on Rails local names command execution

Added: 07/29/2020 CVE: CVE-2020-8163 Background Ruby on Rails is a web application framework written in Ruby. Problem Rails applications that allow users to control the names of local variable are affected by a vulnerability that could allow a remote attacker to execute arbitrary commands...

8.8CVSS8.8AI score0.83085EPSS
Exploits10
Saint
Saint
•added 2020/07/01 12:0 a.m.•158 views

Netgear R7000 Router remote command execution

Added: 07/01/2020 Background Netgear R7000 is a line of wireless routers. Problem A vulnerability in the web interface could allow unauthenticated attackers to execute arbitrary commands on the device. Resolution Disable access to the web interface from the public network. References...

8.3AI score
Exploits0
Saint
Saint
•added 2020/07/01 12:0 a.m.•173 views

Netgear R7000 Router remote command execution

Added: 07/01/2020 Background Netgear R7000 is a line of wireless routers. Problem A vulnerability in the web interface could allow unauthenticated attackers to execute arbitrary commands on the device. Resolution Disable access to the web interface from the public network. References Platforms...

5.4AI score
Exploits0
Saint
Saint
•added 2020/07/01 12:0 a.m.•38 views

Netgear R7000 Router remote command execution

Added: 07/01/2020 Background Netgear R7000 is a line of wireless routers. Problem A vulnerability in the web interface could allow unauthenticated attackers to execute arbitrary commands on the device. Resolution Disable access to the web interface from the public network. References...

8.3AI score
Exploits0
Saint
Saint
•added 2020/05/27 12:0 a.m.•318 views

Oracle WebLogic Server BadAttributeValueExpException deserialization

Added: 05/27/2020 CVE: CVE-2020-2555 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A Java object deserialization vulnerability in WebLogic allows unauthenticated remote code execution by sending a serialized BadAttributeValueExpExceptio...

7.5CVSS9.9AI score0.97116EPSS
Exploits26
Saint
Saint
•added 2020/05/27 12:0 a.m.•219 views

Oracle WebLogic Server BadAttributeValueExpException deserialization

Added: 05/27/2020 CVE: CVE-2020-2555 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A Java object deserialization vulnerability in WebLogic allows unauthenticated remote code execution by sending a serialized BadAttributeValueExpExceptio...

9.8CVSS9.8AI score0.97116EPSS
Exploits26
Saint
Saint
•added 2020/05/27 12:0 a.m.•177 views

Oracle WebLogic Server BadAttributeValueExpException deserialization

Added: 05/27/2020 CVE: CVE-2020-2555 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A Java object deserialization vulnerability in WebLogic allows unauthenticated remote code execution by sending a serialized BadAttributeValueExpExceptio...

9.8CVSS9.8AI score0.97116EPSS
Exploits26
Saint
Saint
•added 2020/04/30 12:0 a.m.•220 views

Unraid webGui remote code execution

Added: 04/30/2020 CVE: CVE-2020-5847 Background Unraid is a network-attached storage operating system. It runs a web-based graphical user interface webGui written in PHP. Problem The Unraid webGui uses the PHP extract function to load all GET parameters into the application as variables, allowing...

10CVSS9.7AI score0.95844EPSS
Exploits8
Saint
Saint
•added 2020/04/30 12:0 a.m.•144 views

Unraid webGui remote code execution

Added: 04/30/2020 CVE: CVE-2020-5847 Background Unraid is a network-attached storage operating system. It runs a web-based graphical user interface webGui written in PHP. Problem The Unraid webGui uses the PHP extract function to load all GET parameters into the application as variables, allowing...

10CVSS8.9AI score0.95844EPSS
Exploits8
Saint
Saint
•added 2020/04/30 12:0 a.m.•36 views

Unraid webGui remote code execution

Added: 04/30/2020 CVE: CVE-2020-5847 Background Unraid is a network-attached storage operating system. It runs a web-based graphical user interface webGui written in PHP. Problem The Unraid webGui uses the PHP extract function to load all GET parameters into the application as variables, allowing...

10CVSS8.9AI score0.95844EPSS
Exploits8
Saint
Saint
•added 2020/03/24 12:0 a.m.•116 views

netkit telnetd nextitem vulnerability

Added: 03/24/2020 Background netkit telnetd is a server implementation of the Telnet protocol which comes with many Linux and Unix operating systems. Problem An unbounded read and write condition in the nextitem function allows remote attackers to execute arbitrary commands on the server...

8.3AI score
Exploits0
Saint
Saint
•added 2020/03/24 12:0 a.m.•215 views

netkit telnetd nextitem vulnerability

Added: 03/24/2020 Background netkit telnetd is a server implementation of the Telnet protocol which comes with many Linux and Unix operating systems. Problem An unbounded read and write condition in the nextitem function allows remote attackers to execute arbitrary commands on the server...

0.9AI score
Exploits0
Saint
Saint
•added 2020/03/24 12:0 a.m.•46 views

netkit telnetd nextitem vulnerability

Added: 03/24/2020 Background netkit telnetd is a server implementation of the Telnet protocol which comes with many Linux and Unix operating systems. Problem An unbounded read and write condition in the nextitem function allows remote attackers to execute arbitrary commands on the server...

8.3AI score
Exploits0
Saint
Saint
•added 2020/03/03 12:0 a.m.•482 views

Microsoft SharePoint Picker.aspx deserialization vulnerability

Added: 03/03/2020 CVE: CVE-2019-0604 BID: 106914 Background Microsoft SharePoint is a tool for management and automation of business processes, as well as a platform for social networking. Problem A deserialization vulnerability in Microsoft SharePoint allows remote attackers to execute arbitrary...

9.8CVSS9.9AI score0.99913EPSS
Exploits29
Saint
Saint
•added 2020/03/03 12:0 a.m.•1473 views

Microsoft SharePoint Picker.aspx deserialization vulnerability

Added: 03/03/2020 CVE: CVE-2019-0604 BID: 106914 Background Microsoft SharePoint is a tool for management and automation of business processes, as well as a platform for social networking. Problem A deserialization vulnerability in Microsoft SharePoint allows remote attackers to execute arbitrary...

7.5CVSS9.9AI score0.99913EPSS
Exploits29
Saint
Saint
•added 2020/03/03 12:0 a.m.•465 views

Microsoft SharePoint Picker.aspx deserialization vulnerability

Added: 03/03/2020 CVE: CVE-2019-0604 BID: 106914 Background Microsoft SharePoint is a tool for management and automation of business processes, as well as a platform for social networking. Problem A deserialization vulnerability in Microsoft SharePoint allows remote attackers to execute arbitrary...

9.8CVSS9.9AI score0.99913EPSS
Exploits29
Saint
Saint
•added 2020/02/27 12:0 a.m.•85 views

Moxa AWK-3131A iw_console privilege escalation vulnerability

Added: 02/27/2020 CVE: CVE-2019-5136 Background Moxa AWK-3131A is a 3-in-1 industrial wireless AP/bridge/client device. Problem A privilege escalation vulnerability exists in the iwconsole functionality where a specially crafted menu selection string can cause an escape from the restricted consol...

9CVSS8.9AI score0.02479EPSS
Exploits4
Saint
Saint
•added 2020/02/27 12:0 a.m.•84 views

Moxa AWK-3131A iw_console privilege escalation vulnerability

Added: 02/27/2020 CVE: CVE-2019-5136 Background Moxa AWK-3131A is a 3-in-1 industrial wireless AP/bridge/client device. Problem A privilege escalation vulnerability exists in the iwconsole functionality where a specially crafted menu selection string can cause an escape from the restricted consol...

9CVSS9AI score0.02479EPSS
Exploits4
Saint
Saint
•added 2020/02/27 12:0 a.m.•119 views

Moxa AWK-3131A iw_console privilege escalation vulnerability

Added: 02/27/2020 CVE: CVE-2019-5136 Background Moxa AWK-3131A is a 3-in-1 industrial wireless AP/bridge/client device. Problem A privilege escalation vulnerability exists in the iwconsole functionality where a specially crafted menu selection string can cause an escape from the restricted consol...

9CVSS9AI score0.02479EPSS
Exploits4
Saint
Saint
•added 2020/02/10 12:0 a.m.•367 views

OpenSMTPD MAIL FROM command injection

Added: 02/10/2020 CVE: CVE-2020-7247 Background OpenSMTPD is a free SMTP implementation. It comes with the OpenBSD operating system but is also available for other platforms. Problem The smtpmailaddr function does not properly sanitize user input, allowing remote attackers to inject arbitrary...

10CVSS9.8AI score0.98946EPSS
Exploits27
Saint
Saint
•added 2020/02/10 12:0 a.m.•106 views

OpenSMTPD MAIL FROM command injection

Added: 02/10/2020 CVE: CVE-2020-7247 Background OpenSMTPD is a free SMTP implementation. It comes with the OpenBSD operating system but is also available for other platforms. Problem The smtpmailaddr function does not properly sanitize user input, allowing remote attackers to inject arbitrary...

10CVSS9.8AI score0.98946EPSS
Exploits27
Saint
Saint
•added 2020/02/10 12:0 a.m.•57 views

OpenSMTPD MAIL FROM command injection

Added: 02/10/2020 CVE: CVE-2020-7247 Background OpenSMTPD is a free SMTP implementation. It comes with the OpenBSD operating system but is also available for other platforms. Problem The smtpmailaddr function does not properly sanitize user input, allowing remote attackers to inject arbitrary...

10CVSS9.8AI score0.98946EPSS
Exploits27
Saint
Saint
•added 2020/01/13 12:0 a.m.•62 views

Citrix ADC and Gateway directory traversal and XML file upload

Added: 01/13/2020 Background Citrix ADC formerly NetScaler ADC is an application delivery and load balancing platform. Citrix Gateway formerly NetScaler Unified Gateway is a secure workspace access and single sign-on solution. Problem A directory traversal vulnerability allows remote attackers to...

8.4AI score
Exploits0
Saint
Saint
•added 2020/01/13 12:0 a.m.•76 views

Citrix ADC and Gateway directory traversal and XML file upload

Added: 01/13/2020 Background Citrix ADC formerly NetScaler ADC is an application delivery and load balancing platform. Citrix Gateway formerly NetScaler Unified Gateway is a secure workspace access and single sign-on solution. Problem A directory traversal vulnerability allows remote attackers to...

0.9AI score
Exploits0
Saint
Saint
•added 2020/01/13 12:0 a.m.•37 views

Citrix ADC and Gateway directory traversal and XML file upload

Added: 01/13/2020 Background Citrix ADC formerly NetScaler ADC is an application delivery and load balancing platform. Citrix Gateway formerly NetScaler Unified Gateway is a secure workspace access and single sign-on solution. Problem A directory traversal vulnerability allows remote attackers to...

8.4AI score
Exploits0
Saint
Saint
•added 2019/12/31 12:0 a.m.•84 views

Alcatel OmniVista remote command execution

Added: 12/31/2019 Background Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution. Problem Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code. Resolution Upgrade to OmniVista 8770 version 4.1.12...

8.2AI score
Exploits0
Saint
Saint
•added 2019/12/31 12:0 a.m.•69 views

Alcatel OmniVista remote command execution

Added: 12/31/2019 Background Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution. Problem Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code. Resolution Upgrade to OmniVista 8770 version 4.1.12...

4.1AI score
Exploits0
Saint
Saint
•added 2019/12/31 12:0 a.m.•34 views

Alcatel OmniVista remote command execution

Added: 12/31/2019 Background Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution. Problem Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code. Resolution Upgrade to OmniVista 8770 version 4.1.12...

8.2AI score
Exploits0
Saint
Saint
•added 2019/12/16 12:0 a.m.•94 views

Revive Adserver deserialization vulnerability

Added: 12/16/2019 CVE: CVE-2019-5434 Background Revive Adserver is a free, open source ad serving system. Problem A deserialization vulnerability in Revive Adserver allows remote attackers to execute arbitrary commands injected into the what parameter of the openads.spc RPC method of adxmlrpc.php...

9.8CVSS9.9AI score0.57022EPSS
Exploits7
Saint
Saint
•added 2019/12/16 12:0 a.m.•80 views

Revive Adserver deserialization vulnerability

Added: 12/16/2019 CVE: CVE-2019-5434 Background Revive Adserver is a free, open source ad serving system. Problem A deserialization vulnerability in Revive Adserver allows remote attackers to execute arbitrary commands injected into the what parameter of the openads.spc RPC method of adxmlrpc.php...

7.5CVSS9.9AI score0.57022EPSS
Exploits7
Saint
Saint
•added 2019/12/16 12:0 a.m.•44 views

Revive Adserver deserialization vulnerability

Added: 12/16/2019 CVE: CVE-2019-5434 Background Revive Adserver is a free, open source ad serving system. Problem A deserialization vulnerability in Revive Adserver allows remote attackers to execute arbitrary commands injected into the what parameter of the openads.spc RPC method of adxmlrpc.php...

9.8CVSS9.9AI score0.57022EPSS
Exploits7
Saint
Saint
•added 2019/11/25 12:0 a.m.•262 views

Cisco Prime Infrastructure Health Monitor tar file directory traversal

Added: 11/25/2019 CVE: CVE-2019-1821 BID: 108339 Background Cisco Prime Infrastructure is a management system of wireless and wired networks. Problem A vulnerability in Cisco Prime Infrastructure Health Monitor allows a remote attacker to execute arbitrary commands by uploading a specially crafte...

10CVSS8.7AI score0.98092EPSS
Exploits12
Saint
Saint
•added 2019/11/25 12:0 a.m.•133 views

Cisco Prime Infrastructure Health Monitor tar file directory traversal

Added: 11/25/2019 CVE: CVE-2019-1821 BID: 108339 Background Cisco Prime Infrastructure is a management system of wireless and wired networks. Problem A vulnerability in Cisco Prime Infrastructure Health Monitor allows a remote attacker to execute arbitrary commands by uploading a specially crafte...

10CVSS9.5AI score0.98092EPSS
Exploits12
Saint
Saint
•added 2019/11/25 12:0 a.m.•59 views

Cisco Prime Infrastructure Health Monitor tar file directory traversal

Added: 11/25/2019 CVE: CVE-2019-1821 BID: 108339 Background Cisco Prime Infrastructure is a management system of wireless and wired networks. Problem A vulnerability in Cisco Prime Infrastructure Health Monitor allows a remote attacker to execute arbitrary commands by uploading a specially crafte...

10CVSS8.7AI score0.98092EPSS
Exploits12
Saint
Saint
•added 2019/10/24 12:0 a.m.•146 views

Joomla Object Injection

Added: 10/24/2019 Background Joomla is a content management system written in PHP. Problem An object injection vulnerability in Joomla could allow a remote, unauthenticated attacker to execute arbitrary commands on the server. This vulnerability has been nicknamed "Rusty Joomla". Resolution Upgra...

1.4AI score
Exploits0
Saint
Saint
•added 2019/10/24 12:0 a.m.•133 views

Joomla Object Injection

Added: 10/24/2019 Background Joomla is a content management system written in PHP. Problem An object injection vulnerability in Joomla could allow a remote, unauthenticated attacker to execute arbitrary commands on the server. This vulnerability has been nicknamed "Rusty Joomla". Resolution Upgra...

8.3AI score
Exploits0
Saint
Saint
•added 2019/10/24 12:0 a.m.•35 views

Joomla Object Injection

Added: 10/24/2019 Background Joomla is a content management system written in PHP. Problem An object injection vulnerability in Joomla could allow a remote, unauthenticated attacker to execute arbitrary commands on the server. This vulnerability has been nicknamed "Rusty Joomla". Resolution Upgra...

8.3AI score
Exploits0
Saint
Saint
•added 2019/09/27 12:0 a.m.•108 views

vBulletin remote command execution via the widgetConfig[code] parameter

Added: 09/27/2019 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem vBulletin allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Resolution Upgrade vBulletin to version higher th...

3.8AI score
Exploits0
Saint
Saint
•added 2019/09/27 12:0 a.m.•149 views

vBulletin remote command execution via the widgetConfig[code] parameter

Added: 09/27/2019 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem vBulletin allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Resolution Upgrade vBulletin to version higher th...

7.7AI score
Exploits0
Saint
Saint
•added 2019/09/27 12:0 a.m.•33 views

vBulletin remote command execution via the widgetConfig[code] parameter

Added: 09/27/2019 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem vBulletin allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Resolution Upgrade vBulletin to version higher th...

7.7AI score
Exploits0
Saint
Saint
•added 2019/09/13 12:0 a.m.•175 views

Cisco UCS Director authentication bypass and command injection

Added: 09/13/2019 CVE: CVE-2019-1937 Background Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service IaaS. Problem An authentication bypass vulnerability in the ClientServlet allows unauthenticated users to gain an administrative session. Furthermore, a...

10CVSS9.5AI score0.75863EPSS
Exploits14
Saint
Saint
•added 2019/09/13 12:0 a.m.•161 views

Cisco UCS Director authentication bypass and command injection

Added: 09/13/2019 CVE: CVE-2019-1937 Background Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service IaaS. Problem An authentication bypass vulnerability in the ClientServlet allows unauthenticated users to gain an administrative session. Furthermore, a...

10CVSS9.5AI score0.75863EPSS
Exploits14
Saint
Saint
•added 2019/09/13 12:0 a.m.•55 views

Cisco UCS Director authentication bypass and command injection

Added: 09/13/2019 CVE: CVE-2019-1937 Background Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service IaaS. Problem An authentication bypass vulnerability in the ClientServlet allows unauthenticated users to gain an administrative session. Furthermore, a...

10CVSS9.5AI score0.75863EPSS
Exploits14
Total number of security vulnerabilities4305