Lucene search
K
ZdiMost viewed

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2023/05/17 12:0 a.m.•87 views

Linux Kernel ksmbd Session Race Condition Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the processing of SMB2SESSIONSETUP...

9CVSS7.4AI score0.02593EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/10/21 12:0 a.m.•87 views

Oracle VirtualBox VRDP Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle VirtualBox. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of smartcard I/O messages. The issue results from the lack of proper...

8.1CVSS3.3AI score0.01346EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2020/05/14 12:0 a.m.•87 views

(Pwn2Own) Schneider Electric EcoStructure Operator Terminal Expert VXDZ Arbitrary Library Load Remote Code Execution Vulnerability

The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStructure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...

7.8CVSS3.7AI score0.01347EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/07/13 12:0 a.m.•86 views

Apple macOS CVMServer Integer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CVMServer daemon. Th...

7.8CVSS6.5AI score0.00809EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/06/25 12:0 a.m.•86 views

Apple macOS CoreText TTF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing o...

7.8CVSS6.6AI score0.01748EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2017/09/15 12:0 a.m.•86 views

Trend Micro Mobile Security for Enterprise reset_device_passwd id SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the resetdevicepasswd action. When parsing th...

9CVSS4.9AI score0.50166EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2015/04/24 12:0 a.m.•86 views

(0Day) Realtek SDK miniigd AddPortMapping SOAP Action Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient...

10CVSS8.2AI score0.99975EPSS
Exploits6References1
Zero Day Initiative
Zero Day Initiative
•added 2015/03/12 12:0 a.m.•86 views

MICROSYS PROMOTIC Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MICROSYS PROMOTIC. Authentication is not required to exploit this vulnerability. The program blindly copies attacker-supplied data into a fixed-sized buffer without validating the length of this da...

7.5CVSS7.5AI score0.04747EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/07/12 12:0 a.m.•85 views

Apple macOS ImageIO PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ImageIO framework...

7.8CVSS5.3AI score0.01196EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/04/15 12:0 a.m.•85 views

Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS...

7.8CVSS4.4AI score0.03138EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2019/07/24 12:0 a.m.•85 views

Apple macOS diskmanagementd Heap-based Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS5.8AI score0.00389EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2018/12/13 12:0 a.m.•85 views

Microsoft Office PowerPoint PPT File Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.3CVSS3.2AI score0.162EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2018/08/14 12:0 a.m.•85 views

Crestron Multiple Products CTP Console LAUNCH Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Crestron Crestron's WindowCE-based products. Authentication is required to exploit this vulnerability. The specific flaw exists within the engineer built-in account that enables a hidden 'LAUNC...

8.5CVSS2.3AI score0.05707EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2018/06/26 12:0 a.m.•85 views

Microsoft Windows VBScript Class_Terminate Invalid Object Access Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS2.5AI score0.87814EPSS
Exploits9References1
Zero Day Initiative
Zero Day Initiative
•added 2015/07/14 12:0 a.m.•85 views

Microsoft Internet Explorer CGeneratedTreeNode Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

6.8CVSS6.5AI score0.1842EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/02/22 12:0 a.m.•84 views

TP-Link TL-WR940N httpd newBridgessid Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue...

6.8CVSS3.1AI score0.00724EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2021/05/03 12:0 a.m.•84 views

Esri ArcGIS Earth KMZ File Parsing Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcGIS Earth. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of K...

7.8CVSS3.9AI score0.01138EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/04/29 12:0 a.m.•84 views

Apache Tapestry ContextAssetRequestHandler Incorrect Authorization Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache Tapestry. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ContextAssetRequestHandler class. The issue results from the improper...

7.5CVSS7.2AI score0.06559EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2020/09/10 12:0 a.m.•84 views

Microsoft Windows WebM Video Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

8.8CVSS7.2AI score0.04664EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2020/07/23 12:0 a.m.•84 views

Microsoft Windows LNK File Parsing Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of L...

8.8CVSS6.3AI score0.74388EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2014/04/03 12:0 a.m.•84 views

Splunk runshellscript echo.sh Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Splunk. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the advanced search...

9CVSS3.6AI score0.04804EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/04/15 12:0 a.m.•83 views

(Pwn2Own) Google Chrome V8 Enum Cache Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation o...

5.4CVSS7.1AI score0.01599EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/01/23 12:0 a.m.•83 views

Linux Kernel ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of SMB2WRITE commands. The issue results from the lack of proper validatio...

9.6CVSS1.1AI score0.03503EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/09/08 12:0 a.m.•83 views

(Pwn2Own) ConnMan received_data Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installation of ConnMan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the receiveddata method. Crafted data in a HTTP response can trigger a write past the e...

6.3CVSS1.4AI score0.02392EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/07/22 12:0 a.m.•83 views

MySQL memcached Plugin Integer Underflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MySQL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Append and Prepend commands in the memcached plugin. The issue results from the...

9.8CVSS4.1AI score0.08216EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2017/10/10 12:0 a.m.•83 views

Microsoft Windows DNSAPI NSEC3_RecordRead Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...

6.8CVSS2.9AI score0.33338EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2016/03/28 12:0 a.m.•83 views

HID VertX/Edge discoveryd Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HID Edge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the discoveryd service. The issue lies in the failure to sanitize user data before executing ...

10CVSS7.5AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/11/06 12:0 a.m.•82 views

VMware vCenter Server Appliance DCE/RPC Protocol Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of DCE/RPC protocol. The issue results from the lack ...

9.8CVSS7.7AI score0.99428EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2023/03/31 12:0 a.m.•82 views

TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AX1800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of firmware images. The issue results from the lack of prop...

8.8CVSS7.1AI score0.00712EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2018/01/16 12:0 a.m.•82 views

(0Day) Quest NetVault Backup Process Manager Service Multipart Boundary Header Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart request, the...

10CVSS9.4AI score0.67218EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2017/12/20 12:0 a.m.•82 views

QNAP QTS Web change_password Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the OLDPASSWORD parameter provided to the changepassword.cgi endpoint. The...

10CVSS2.8AI score0.03284EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2016/12/15 12:0 a.m.•82 views

Delta Industrial Automation WPLSoft Register Data File Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

6.8CVSS5.5AI score0.01708EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2012/02/08 12:0 a.m.•82 views

EMC Networker indexd.exe Opcode 0x01 Parsing Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the indexd.exe handles rpc calls with opcode 0x1 for program 0x0005F3D9. While...

10CVSS5.9AI score0.03153EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/08/09 12:0 a.m.•82 views

Apple QuickTime STSS atom Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktim...

9CVSS4.4AI score0.05084EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2022/01/31 12:0 a.m.•81 views

Bentley MicroStation CONNECT PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS4.8AI score0.02113EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/06/10 12:0 a.m.•81 views

Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS...

7.8CVSS4.4AI score0.13337EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/04/29 12:0 a.m.•81 views

Synology DiskStation Manager Netatalk dsi_doff Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation DS418play. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results...

8.8CVSS2.9AI score0.02331EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2020/12/29 12:0 a.m.•81 views

Qognify Ocularis EventCoordinator ConnectedChannel_GotMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects provided to the EventCoordinator endpoint. The issue...

9.8CVSS3.6AI score0.8121EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2012/06/28 12:0 a.m.•81 views

IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational ClearQuest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CQOl...

7.5CVSS3.7AI score0.3095EPSS
Exploits10References1
Zero Day Initiative
Zero Day Initiative
•added 2010/12/23 12:0 a.m.•81 views

Rocket U2 Uni RPC Service Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of multiple products from multiple vendors that utilize the Uni RPC protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Uni RPC service...

10CVSS8.4AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2008/10/08 12:0 a.m.•81 views

Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw resides in the web console running on TCP ports 8028 and 8030. The server exposes a web interface and...

10CVSS4.6AI score0.09821EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2007/11/05 12:0 a.m.•81 views

Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist in the parsing of the PackBitsR...

9.3CVSS3.5AI score0.46662EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/04/24 12:0 a.m.•80 views

(Pwn2Own) TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability

This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hotplugd daemon. The issue results from firewall rule handling...

9.8CVSS7.2AI score0.01159EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/07/28 12:0 a.m.•80 views

OPC Labs QuickOPC Connectivity Explorer Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OPC Labs QuickOPC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...

7.8CVSS3.9AI score0.00845EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/05/09 12:0 a.m.•80 views

Cisco RV340 JSON RPC set-snmp Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling o...

4.3CVSS3.1AI score0.01923EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/02/22 12:0 a.m.•80 views

(Pwn2Own) Cisco RV340 update-clients Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling o...

6.8CVSS2.9AI score0.14863EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/02/10 12:0 a.m.•80 views

(Pwn2Own) Sonos One Speaker ALAC Frame Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ALAC audio codec. The issue results from the lack of proper validation of the leng...

9.8CVSS5.8AI score0.07212EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2022/01/31 12:0 a.m.•80 views

Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS5AI score0.02016EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/01/31 12:0 a.m.•80 views

Bentley MicroStation CONNECT DXF File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS4.5AI score0.02005EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2014/04/08 12:0 a.m.•80 views

Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Web Appliance. Authentication is required to exploit this vulnerability. The specific flaws exist within the changepassword and netinterface functions of the web appliance. The first flaw wi...

8.5CVSS7.8AI score0.61192EPSS
Exploits2References1
Total number of security vulnerabilities5000