| 0.975590000 | CVE-2019-16057 | 1.000000000 | 2024-12-23 | | The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. Reference: https://blog.cystack.net/d-link-dns-320-rce/ |
| 0.975580000 | CVE-2020-5902 | 1.000000000 | 2024-12-23 | | In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. Reference: http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html |
| 0.975450000 | CVE-2019-16662 | 0.999990000 | 2024-12-23 | | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. Reference: http://packetstormsecurity.com/files/154999/rConfig-3.9.2-Remote-Code-Execution.html |
| 0.975430000 | CVE-2020-25223 | 0.999990000 | 2024-12-23 | | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. Reference: http://packetstormsecurity.com/files/164697/Sophos-UTM-WebAdmin-SID-Command-Injection.html |
| 0.975420000 | CVE-2017-5753 | 0.999980000 | 2024-12-23 | | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Reference: http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html |
| 0.975420000 | CVE-1999-0532 | 0.999990000 | 2024-12-23 | | A DNS server allows zone transfers. Reference: https://www.cve.org/CVERecord?id=CVE-1999-0532 |
| 0.975390000 | CVE-2014-0224 | 0.999980000 | 2024-12-23 | | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. Reference: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc |
| 0.975320000 | CVE-2022-24706 | 0.999970000 | 2024-12-23 | | In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations. Reference: http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html |
| 0.975310000 | CVE-2015-1635 | 0.999970000 | 2024-12-23 | | HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." Reference: http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html |
| 0.975290000 | CVE-2020-15505 | 0.999970000 | 2024-12-23 | | A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors. Reference: http://packetstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.html |