4985 matches found
VulnCheck KEV: CVE-2023-3852
A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/upload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been...
VulnCheck KEV: CVE-2022-31814
pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...
VulnCheck KEV: CVE-2023-36542
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission...
VulnCheck KEV: CVE-2023-26469
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server...
VulnCheck KEV: CVE-2023-3368
Command injection in /main/webservices/additionalwebservices.php in Chamilo LMS = v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960...
VulnCheck KEV: CVE-2023-34598
Gibbon v25.0.0 is vulnerable to a Local File Inclusion LFI where it's possible to include the content of several files present in the installation folder in the server's response...
VulnCheck KEV: CVE-2023-4166
A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/sealmanage/dianju/deletelog.php. The manipulation of the argument DELETESTR leads to sql injection. The exploit has been disclosed to the public and may be...
VulnCheck KEV: CVE-2024-29269
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter...
VulnCheck KEV: CVE-2022-3590
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden...
VulnCheck KEV: CVE-2022-20707
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned...
VulnCheck KEV: CVE-2023-30799
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary...
VulnCheck KEV: CVE-2023-50386
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
VulnCheck KEV: CVE-2020-35391
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information possibly including an httppasswd line via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character...
VulnCheck KEV: CVE-2017-7876
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions...
VulnCheck KEV: CVE-2024-1561
An issue was discovered in gradio-app/gradio, where the /componentserver endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the moveresourcetoblockcache method of the Block class, an...
VulnCheck KEV: CVE-2023-37582
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
VulnCheck KEV: CVE-2019-11829
OS command injection vulnerability in driverssynoimportuser.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header...
VulnCheck KEV: CVE-2024-8957
PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntpaddr parameter of the /cgi-bin/param.cgi CGI script...
VulnCheck KEV: CVE-2024-8956
PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference IDOR vulnerability that allows a remote, attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root...
VulnCheck KEV: CVE-2023-5222
A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been...
VulnCheck KEV: CVE-2024-6396
A vulnerability in the backuprun function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the runhash and repo.path parameters, which can be manipulated...
VulnCheck KEV: CVE-2024-2961
The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable...
VulnCheck KEV: CVE-2024-38289
A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...
VulnCheck KEV: CVE-2024-7339
A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5LMM and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be...
VulnCheck KEV: CVE-2024-8190
Ivanti Cloud Services Appliance CSA contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS...
VulnCheck KEV: CVE-2023-45727
North Grid Proself Enterprise/Standard, Gateway, and Mail Sanitize contain an improper restriction of XML External Entity XXE reference vulnerability, which could allow a remote, unauthenticated attacker to conduct an XXE attack...
VulnCheck KEV: CVE-2023-28461
Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway...
VulnCheck KEV: CVE-2024-6670
Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user...
VulnCheck KEV: CVE-2023-0656
A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service DoS, which could cause an impacted firewall to crash...
VulnCheck KEV: CVE-2024-6671
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password...
VulnCheck KEV: CVE-2024-8529
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
VulnCheck KEV: CVE-2022-22274
A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service DoS or potentially results in code execution in the firewall...
VulnCheck KEV: CVE-2024-7120
A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file listbaseconfig.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is...
VulnCheck KEV: CVE-2024-8522
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
VulnCheck KEV: CVE-2024-45195
Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access...
VulnCheck KEV: CVE-2024-41869
A use after free vulnerability exists in Adobe Acrobat and Reader that could allow for arbitrary code execution...
VulnCheck KEV: CVE-2024-22252
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
VulnCheck KEV: CVE-2023-6023
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifactpath URL parameter...
VulnCheck KEV: CVE-2024-22253
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
VulnCheck KEV: CVE-2024-8277
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login function and not properly verifying the user's...
VulnCheck KEV: CVE-2023-38817
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echodriver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...
VulnCheck KEV: CVE-2024-43491
Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 initial version released July 2015. This means that an attacker could exploit these previously mitigated vulnerabilities...
VulnCheck KEV: CVE-2024-38014
Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges...
VulnCheck KEV: CVE-2024-38217
Microsoft Windows Mark of the Web MOTW contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW...
VulnCheck KEV: CVE-2024-43461
Microsoft Windows MSHTML Platform contains a user interface UI misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112...
VulnCheck KEV: CVE-2024-38226
Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files...
VulnCheck KEV: CVE-2021-30461
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value which might contain PHP code is injected into config/configuration.php...
VulnCheck KEV: CVE-2024-6893
The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources...
VulnCheck KEV: CVE-2024-6047
Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...
VulnCheck KEV: CVE-2019-1068
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'...