Show filters
534 topics marked with the following tags:
Displaying 21-30 of 534
Sort by:
Attacker Value
Very High
CVE-2024-2389
Disclosure Date: April 02, 2024 (last updated April 03, 2024)
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
1
Attacker Value
Moderate
CVE-2023-20178
Disclosure Date: June 07, 2023 (last updated January 25, 2024)
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established.
This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.
3
Attacker Value
Very High
CVE-2015-9107
Disclosure Date: August 04, 2017 (last updated October 05, 2023)
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.
0
Attacker Value
Moderate
CVE-2022-23642
Disclosure Date: February 18, 2022 (last updated October 07, 2023)
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an attacker to set the git `core.sshCommand` option, which sets git to use the specified command instead of ssh when they need to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. An attacker able to make HTTP requests to internal services like gitserver is able to exploit it. This issue is patched in Sourcegraph version 3.37. As a workaround, ensure that requests to gitserver are properly protected.
1
Attacker Value
Very High
CVE-2017-6526
Disclosure Date: March 09, 2017 (last updated October 05, 2023)
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).
0
Attacker Value
Low
CVE-2021-21956
Disclosure Date: November 22, 2021 (last updated October 07, 2023)
A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
1
Attacker Value
Moderate
CVE-2019-8451
Disclosure Date: September 11, 2019 (last updated October 06, 2023)
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
1
Attacker Value
Moderate
CVE-2023-37679
Disclosure Date: August 03, 2023 (last updated October 08, 2023)
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
2
Attacker Value
Low
CVE-2023-0297
Disclosure Date: January 14, 2023 (last updated October 08, 2023)
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
1
Attacker Value
Very Low
CVE-2020-9340
Disclosure Date: February 22, 2020 (last updated October 06, 2023)
fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.
0