Page 16 of 35545 results (0.015 seconds)

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. • https://github.com/h3lye/CVE-2024-42448-RCE https://www.veeam.com/kb4679 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Due to the presence of an .htaccess file, this can only be exploited to achieve RCE on NGINX servers, unless another vulnerability is present. • https://codecanyon.net/item/subscribe-download/2687305 https://www.wordfence.com/threat-intel/vulnerabilities/id/5c3c20b8-12cf-4ce6-a1d4-99204df33fcd?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. •