Page 249 of 8676 results (0.084 seconds)

CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0

This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges. • https://tetraburst.com • CWE-134: Use of Externally-Controlled Format String •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. • https://tetraburst.com • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Standard users may use this to gain arbitrary code execution as SYSTEM. • https://hackandpwn.com/disclosures/CVE-2023-45883.pdf https://www.vidyo.com/enterprise-video-management/qumu • CWE-269: Improper Privilege Management •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. Un problema descubierto en IXP EasyInstall 6.6.14884.0 permite a los atacantes ejecutar comandos arbitrarios, obtener privilegios elevados y causar otros impactos no especificados a través de llamadas API no autenticadas. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). Un problema en GetSimpleCMS v.3.4.0a permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en phpinfo(). • https://github.com/Num-Nine/CVE/wiki/A-file-write-vulnerability-exists-in-GetSimpleCMS • CWE-94: Improper Control of Generation of Code ('Code Injection') •