Page 291 of 45564 results (0.093 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. ... An attacker can leverage this vulnerability to execute code in the context of the HTTP server. ... This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. ... An attacker can leverage this vulnerability to execute code in the context of the HTTP server. • https://www.zerodayinitiative.com/advisories/ZDI-24-808 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. ... An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-803 • CWE-693: Protection Mechanism Failure •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/wp-pexels-free-stock-photos/trunk/settings.php#L239 https://www.wordfence.com/threat-intel/vulnerabilities/id/79dd492e-d4da-4209-83a8-d8059263ae92?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-787: Out-of-bounds Write •