Lucene search
K

4305 matches found

Saint
Saint
•added 2019/08/26 12:0 a.m.•29 views

Webmin password_change.cgi backdoor

Added: 08/26/2019 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem A backdoor in Webmin allows a remote attacker to execute arbitrary commands by sending a POST request for passwordchange.cgi...

8.3AI score
Exploits0
Saint
Saint
•added 2019/08/26 12:0 a.m.•179 views

Webmin password_change.cgi backdoor

Added: 08/26/2019 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem A backdoor in Webmin allows a remote attacker to execute arbitrary commands by sending a POST request for passwordchange.cgi...

8.3AI score
Exploits0
Saint
Saint
•added 2019/08/26 12:0 a.m.•116 views

Webmin password_change.cgi backdoor

Added: 08/26/2019 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem A backdoor in Webmin allows a remote attacker to execute arbitrary commands by sending a POST request for passwordchange.cgi...

1.3AI score
Exploits0
Saint
Saint
•added 2019/07/26 12:0 a.m.•81 views

Citrix SD-WAN Appliance SQL and command injection

Added: 07/26/2019 Background Citrix Software-defined wide-area network SD-WAN is a service that grants the enterprise with the ability to dynamically connect branch offices and data centers on a global scale. Problem Citrix SD-WAN 10.1.x and 10.2.x before 10.2.3 allow unauthenticated SQL injectio...

8.6AI score
Exploits0
Saint
Saint
•added 2019/07/26 12:0 a.m.•70 views

Citrix SD-WAN Appliance SQL and command injection

Added: 07/26/2019 Background Citrix Software-defined wide-area network SD-WAN is a service that grants the enterprise with the ability to dynamically connect branch offices and data centers on a global scale. Problem Citrix SD-WAN 10.1.x and 10.2.x before 10.2.3 allow unauthenticated SQL injectio...

1.7AI score
Exploits0
Saint
Saint
•added 2019/07/26 12:0 a.m.•24 views

Citrix SD-WAN Appliance SQL and command injection

Added: 07/26/2019 Background Citrix Software-defined wide-area network SD-WAN is a service that grants the enterprise with the ability to dynamically connect branch offices and data centers on a global scale. Problem Citrix SD-WAN 10.1.x and 10.2.x before 10.2.3 allow unauthenticated SQL injectio...

8.6AI score
Exploits0
Saint
Saint
•added 2019/06/28 12:0 a.m.•77 views

SAPIDO RB-1732 command injection

Added: 06/28/2019 Background SAPIDO RB-1732 is a wireless router. Problem A vulnerability in the web interface allows remote attackers to execute arbitrary commands by sending a specially crafted request to the formSysCmd resource. Resolution Apply a firmware update which fixes this vulnerability...

8.3AI score
Exploits0
Saint
Saint
•added 2019/06/28 12:0 a.m.•74 views

SAPIDO RB-1732 command injection

Added: 06/28/2019 Background SAPIDO RB-1732 is a wireless router. Problem A vulnerability in the web interface allows remote attackers to execute arbitrary commands by sending a specially crafted request to the formSysCmd resource. Resolution Apply a firmware update which fixes this vulnerability...

4.3AI score
Exploits0
Saint
Saint
•added 2019/06/28 12:0 a.m.•28 views

SAPIDO RB-1732 command injection

Added: 06/28/2019 Background SAPIDO RB-1732 is a wireless router. Problem A vulnerability in the web interface allows remote attackers to execute arbitrary commands by sending a specially crafted request to the formSysCmd resource. Resolution Apply a firmware update which fixes this vulnerability...

8.3AI score
Exploits0
Saint
Saint
•added 2019/06/06 12:0 a.m.•273 views

Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery

Added: 06/06/2019 CVE: CVE-2019-9621 Background Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem The ProxyServlet component allows a remote attacker to upload arbitrary files, which can then be executed, using XML External Entity injection and...

7.5CVSS8AI score0.80906EPSS
Exploits10
Saint
Saint
•added 2019/06/06 12:0 a.m.•55 views

Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery

Added: 06/06/2019 CVE: CVE-2019-9621 Background Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem The ProxyServlet component allows a remote attacker to upload arbitrary files, which can then be executed, using XML External Entity injection and...

7.5CVSS8AI score0.80906EPSS
Exploits10
Saint
Saint
•added 2019/06/06 12:0 a.m.•143 views

Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery

Added: 06/06/2019 CVE: CVE-2019-9621 Background Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem The ProxyServlet component allows a remote attacker to upload arbitrary files, which can then be executed, using XML External Entity injection and...

5CVSS8AI score0.80906EPSS
Exploits10
Saint
Saint
•added 2019/05/07 12:0 a.m.•48 views

SAP Gateway Remote Command Execution

Added: 05/07/2019 Background SAP Gateway is a development framework, which allows non-SAP applications to communicate with SAP applications. Problem SAP Gateway behavior depends on two parameters, aclmode and simmode. If SAP Gateway access control lists ACLs are configured aclmode=0, anonymous...

1.7AI score
Exploits0
Saint
Saint
•added 2019/05/07 12:0 a.m.•44 views

SAP Gateway Remote Command Execution

Added: 05/07/2019 Background SAP Gateway is a development framework, which allows non-SAP applications to communicate with SAP applications. Problem SAP Gateway behavior depends on two parameters, aclmode and simmode. If SAP Gateway access control lists ACLs are configured aclmode=0, anonymous...

7.3AI score
Exploits0
Saint
Saint
•added 2019/05/07 12:0 a.m.•36 views

SAP Gateway Remote Command Execution

Added: 05/07/2019 Background SAP Gateway is a development framework, which allows non-SAP applications to communicate with SAP applications. Problem SAP Gateway behavior depends on two parameters, aclmode and simmode. If SAP Gateway access control lists ACLs are configured aclmode=0, anonymous...

7.3AI score
Exploits0
Saint
Saint
•added 2019/05/02 12:0 a.m.•215 views

Oracle WebLogic Server deserialization remote code execution

Added: 05/02/2019 CVE: CVE-2019-2725 BID: 108074 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in Web Services subcomponent, which allows...

9.8CVSS8.8AI score0.99964EPSS
Exploits35
Saint
Saint
•added 2019/05/02 12:0 a.m.•122 views

Oracle WebLogic Server deserialization remote code execution

Added: 05/02/2019 CVE: CVE-2019-2725 BID: 108074 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in Web Services subcomponent, which allows...

9.8CVSS8.8AI score0.99964EPSS
Exploits35
Saint
Saint
•added 2019/05/02 12:0 a.m.•969 views

Oracle WebLogic Server deserialization remote code execution

Added: 05/02/2019 CVE: CVE-2019-2725 BID: 108074 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in Web Services subcomponent, which allows...

7.5CVSS8.8AI score0.99964EPSS
Exploits35
Saint
Saint
•added 2019/04/16 12:0 a.m.•55 views

KACE K1000 Remote Code Execution

Added: 04/16/2019 Background KACE Systems Management Appliance manages, secures, and services network-connected devices. Problem A vulnerability in KACE Systems Management Appliance K1000 could allow unauthenticated command execution. Resolution Upgrade to the latest version of your KACE Systems...

7.7AI score
Exploits0
Saint
Saint
•added 2019/04/16 12:0 a.m.•25 views

KACE K1000 Remote Code Execution

Added: 04/16/2019 Background KACE Systems Management Appliance manages, secures, and services network-connected devices. Problem A vulnerability in KACE Systems Management Appliance K1000 could allow unauthenticated command execution. Resolution Upgrade to the latest version of your KACE Systems...

7.7AI score
Exploits0
Saint
Saint
•added 2019/04/16 12:0 a.m.•52 views

KACE K1000 Remote Code Execution

Added: 04/16/2019 Background KACE Systems Management Appliance manages, secures, and services network-connected devices. Problem A vulnerability in KACE Systems Management Appliance K1000 could allow unauthenticated command execution. Resolution Upgrade to the latest version of your KACE Systems...

2.6AI score
Exploits0
Saint
Saint
•added 2019/03/25 12:0 a.m.•27 views

Tabs Laboratories MailCarrier MAIL FROM buffer overflow

Added: 03/25/2019 Background Tabs Laboratories MailCarrier is an SMTP server. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted MAIL FROM command to the SMTP service. Resolution Upgrade to a fixed version of...

8.8AI score
Exploits0
Saint
Saint
•added 2019/03/25 12:0 a.m.•309 views

Tabs Laboratories MailCarrier MAIL FROM buffer overflow

Added: 03/25/2019 Background Tabs Laboratories MailCarrier is an SMTP server. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted MAIL FROM command to the SMTP service. Resolution Upgrade to a fixed version of...

4.1AI score
Exploits0
Saint
Saint
•added 2019/03/25 12:0 a.m.•29 views

Tabs Laboratories MailCarrier MAIL FROM buffer overflow

Added: 03/25/2019 Background Tabs Laboratories MailCarrier is an SMTP server. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted MAIL FROM command to the SMTP service. Resolution Upgrade to a fixed version of...

8.8AI score
Exploits0
Saint
Saint
•added 2019/02/27 12:0 a.m.•94 views

Drupal REST module command execution

Added: 02/27/2019 CVE: CVE-2019-6340 BID: 107106 Background Drupal is an open-source content management system written in PHP. Problem The Drupal REST module does not properly sanitize input from non-form sources, allowing an attacker to execute arbitrary code. Resolution Upgrade to Drupal 8.5.11...

6.8CVSS8.5AI score0.92017EPSS
Exploits22
Saint
Saint
•added 2019/02/27 12:0 a.m.•76 views

Drupal REST module command execution

Added: 02/27/2019 CVE: CVE-2019-6340 BID: 107106 Background Drupal is an open-source content management system written in PHP. Problem The Drupal REST module does not properly sanitize input from non-form sources, allowing an attacker to execute arbitrary code. Resolution Upgrade to Drupal 8.5.11...

8.1CVSS8.5AI score0.92017EPSS
Exploits22
Saint
Saint
•added 2019/02/27 12:0 a.m.•59 views

Drupal REST module command execution

Added: 02/27/2019 CVE: CVE-2019-6340 BID: 107106 Background Drupal is an open-source content management system written in PHP. Problem The Drupal REST module does not properly sanitize input from non-form sources, allowing an attacker to execute arbitrary code. Resolution Upgrade to Drupal 8.5.11...

8.1CVSS8.5AI score0.92017EPSS
Exploits22
Saint
Saint
•added 2019/01/18 12:0 a.m.•53 views

Horde Imp Unauthenticated Remote Command Execution

Added: 01/18/2019 BID: 106018 Background The IMP is a web-based mail client for IMAP and POP3 accounts. It is built atop the Horde Application Framework, which is a general-purpose web application library written in PHP. Problem A vulnerability in Horde IMP could allow unauthenticated command...

7.7AI score
Exploits0
Saint
Saint
•added 2019/01/18 12:0 a.m.•57 views

Horde Imp Unauthenticated Remote Command Execution

Added: 01/18/2019 BID: 106018 Background The IMP is a web-based mail client for IMAP and POP3 accounts. It is built atop the Horde Application Framework, which is a general-purpose web application library written in PHP. Problem A vulnerability in Horde IMP could allow unauthenticated command...

0.8AI score
Exploits0
Saint
Saint
•added 2019/01/18 12:0 a.m.•27 views

Horde Imp Unauthenticated Remote Command Execution

Added: 01/18/2019 BID: 106018 Background The IMP is a web-based mail client for IMAP and POP3 accounts. It is built atop the Horde Application Framework, which is a general-purpose web application library written in PHP. Problem A vulnerability in Horde IMP could allow unauthenticated command...

7.7AI score
Exploits0
Saint
Saint
•added 2018/12/21 12:0 a.m.•30 views

MiniShare 1.4.1 HEAD method buffer overflow

Added: 12/21/2018 Background MiniShare is a Windows program that allows sharing of files without additional services or software. Problem MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. Resolution MiniShare is deprecated. References...

2AI score
Exploits0
Saint
Saint
•added 2018/12/21 12:0 a.m.•46 views

MiniShare 1.4.1 HEAD method buffer overflow

Added: 12/21/2018 Background MiniShare is a Windows program that allows sharing of files without additional services or software. Problem MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. Resolution MiniShare is deprecated. References...

8.4AI score
Exploits0
Saint
Saint
•added 2018/12/21 12:0 a.m.•27 views

MiniShare 1.4.1 HEAD method buffer overflow

Added: 12/21/2018 Background MiniShare is a Windows program that allows sharing of files without additional services or software. Problem MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. Resolution MiniShare is deprecated. References...

8.4AI score
Exploits0
Saint
Saint
•added 2018/12/11 12:0 a.m.•53 views

NUUO NVR Unauthenticated Remote Code Execution

Added: 12/11/2018 Background NUUO is a surveillance solution provider. Problem The upgradehandle.php on NUUO NVRsolo, NVRsolo Plus, and NVRmini 2 devices allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. Resolution Upgrade to the...

7.8AI score
Exploits0
Saint
Saint
•added 2018/12/11 12:0 a.m.•39 views

NUUO NVR Unauthenticated Remote Code Execution

Added: 12/11/2018 Background NUUO is a surveillance solution provider. Problem The upgradehandle.php on NUUO NVRsolo, NVRsolo Plus, and NVRmini 2 devices allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. Resolution Upgrade to the...

3.1AI score
Exploits0
Saint
Saint
•added 2018/12/11 12:0 a.m.•44 views

NUUO NVR Unauthenticated Remote Code Execution

Added: 12/11/2018 Background NUUO is a surveillance solution provider. Problem The upgradehandle.php on NUUO NVRsolo, NVRsolo Plus, and NVRmini 2 devices allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. Resolution Upgrade to the...

7.8AI score
Exploits0
Saint
Saint
•added 2018/11/20 12:0 a.m.•42 views

Dell OpenManage Network Manager MySQL vulnerability

Added: 11/20/2018 BID: 105912 Background Dell OpenManage Network Manager is a product for monitoring and managing network devices. Problem Dell OpenManage Network Manager runs the MySQL database service with root privileges and enables default database accounts, allowing a remote attacker to writ...

7.9AI score
Exploits0
Saint
Saint
•added 2018/11/20 12:0 a.m.•121 views

Dell OpenManage Network Manager MySQL vulnerability

Added: 11/20/2018 BID: 105912 Background Dell OpenManage Network Manager is a product for monitoring and managing network devices. Problem Dell OpenManage Network Manager runs the MySQL database service with root privileges and enables default database accounts, allowing a remote attacker to writ...

7.9AI score
Exploits0
Saint
Saint
•added 2018/11/20 12:0 a.m.•196 views

Dell OpenManage Network Manager MySQL vulnerability

Added: 11/20/2018 BID: 105912 Background Dell OpenManage Network Manager is a product for monitoring and managing network devices. Problem Dell OpenManage Network Manager runs the MySQL database service with root privileges and enables default database accounts, allowing a remote attacker to writ...

1.8AI score
Exploits0
Saint
Saint
•added 2018/10/29 12:0 a.m.•600 views

libssh authentication bypass

Added: 10/29/2018 BID: 105677 Background libssh is a C library implementing the SSHv2 protocol. Problem A vulnerability in libssh allows remote users to bypass authentication by sending a SSH2MSGUSERAUTHSUCCESS message instead of a SSH2MSGUSERAUTHREQUEST message. Resolution Upgrade to libssh 0.7....

6.4CVSS2.3AI score0.91789EPSS
Exploits11
Saint
Saint
•added 2018/10/29 12:0 a.m.•784 views

libssh authentication bypass

Added: 10/29/2018 BID: 105677 Background libssh is a C library implementing the SSHv2 protocol. Problem A vulnerability in libssh allows remote users to bypass authentication by sending a SSH2MSGUSERAUTHSUCCESS message instead of a SSH2MSGUSERAUTHREQUEST message. Resolution Upgrade to libssh 0.7....

9.1CVSS9.4AI score0.91789EPSS
Exploits11
Saint
Saint
•added 2018/10/29 12:0 a.m.•101 views

libssh authentication bypass

Added: 10/29/2018 BID: 105677 Background libssh is a C library implementing the SSHv2 protocol. Problem A vulnerability in libssh allows remote users to bypass authentication by sending a SSH2MSGUSERAUTHSUCCESS message instead of a SSH2MSGUSERAUTHREQUEST message. Resolution Upgrade to libssh 0.7....

9.1CVSS9.4AI score0.91789EPSS
Exploits11
Saint
Saint
•added 2018/10/11 12:0 a.m.•528 views

Cisco Prime Infrastructure TFTP file upload vulnerability

Added: 10/11/2018 BID: 105506 Background Cisco Prime Infrastructure, is a management system of wireless and wired networks. Problem A vulnerability in Cisco Prime Infrastructure allows remote, unauthenticated attackers to execute arbitrary commands by uploading a JSP file via TFTP, and then...

3.1AI score
Exploits0
Saint
Saint
•added 2018/10/11 12:0 a.m.•526 views

Cisco Prime Infrastructure TFTP file upload vulnerability

Added: 10/11/2018 BID: 105506 Background Cisco Prime Infrastructure, is a management system of wireless and wired networks. Problem A vulnerability in Cisco Prime Infrastructure allows remote, unauthenticated attackers to execute arbitrary commands by uploading a JSP file via TFTP, and then...

8.3AI score
Exploits0
Saint
Saint
•added 2018/10/11 12:0 a.m.•34 views

Cisco Prime Infrastructure TFTP file upload vulnerability

Added: 10/11/2018 BID: 105506 Background Cisco Prime Infrastructure, is a management system of wireless and wired networks. Problem A vulnerability in Cisco Prime Infrastructure allows remote, unauthenticated attackers to execute arbitrary commands by uploading a JSP file via TFTP, and then...

8.3AI score
Exploits0
Saint
Saint
•added 2018/09/05 12:0 a.m.•556 views

Apache Struts undefined namespace vulnerability

Added: 09/05/2018 BID: 105125 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A remote attacker can execute...

1.5AI score
Exploits0
Saint
Saint
•added 2018/09/05 12:0 a.m.•532 views

Apache Struts undefined namespace vulnerability

Added: 09/05/2018 BID: 105125 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A remote attacker can execute...

8.2AI score
Exploits0
Saint
Saint
•added 2018/09/05 12:0 a.m.•27 views

Apache Struts undefined namespace vulnerability

Added: 09/05/2018 BID: 105125 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A remote attacker can execute...

8.2AI score
Exploits0
Saint
Saint
•added 2018/08/13 12:0 a.m.•540 views

Axis IP Camera authentication bypass and command injection

Added: 08/13/2018 Background Axis IP Cameras are a line of networked surveillance devices. Problem A remote attacker could execute arbitrary commands by exploiting an authentication bypass vulnerability in the .srv functionality and a command injection vulnerability in the parhand component...

8.9AI score
Exploits0
Saint
Saint
•added 2018/08/13 12:0 a.m.•574 views

Axis IP Camera authentication bypass and command injection

Added: 08/13/2018 Background Axis IP Cameras are a line of networked surveillance devices. Problem A remote attacker could execute arbitrary commands by exploiting an authentication bypass vulnerability in the .srv functionality and a command injection vulnerability in the parhand component...

1.7AI score
Exploits0
Total number of security vulnerabilities4305