Page 269 of 8664 results (0.034 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. • https://www.papercut.com/kb/Main/SecurityBulletinJuly2023 https://www.zerodayinitiative.com/advisories/ZDI-23-1285 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0

This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device. • https://tetraburst.com • CWE-248: Uncaught Exception CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device. • https://tetraburst.com • CWE-347: Improper Verification of Cryptographic Signature •