| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified. |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs method. The application exposes a JavaScript interface that allows the attacker to write arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-17527. |
| A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device. |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is allowing HTTP methods like PUT and Delete. This could allow an attacker to modify unauthorized files. |
| NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the BkreProcessThread class. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
. Was ZDI-CAN-19719. |
| NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the SettingConfigController class. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
. Was ZDI-CAN-19725. |
| In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks |
| PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability.
The specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965. |
| In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986. |
| EisBaer Scada - CWE-749: Exposed Dangerous Method or Function |
|
Softneta MedDream PACS does not perform an authentication check and performs some dangerous functionality, which could result in unauthenticated remote code execution.0 |
| cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network. |
| Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content. |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet. |
| Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access. |
|
In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges.
|
| An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service. |
| The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity. |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Demo_ExecuteProcessOnGroup workflow. By creating a workflow, an attacker can specify an arbitrary command to be executed. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-13889. |
