CVSS: 7.2 • EPSS: 0% • CPEs: - • EXPL: 0

A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. ... An attacker can leverage this vulnerability to execute code in the context of a10user. • https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369 https://www.zerodayinitiative.com/advisories/ZDI-24-524 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369 https://www.zerodayinitiative.com/advisories/ZDI-24-525 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/QianGeG/CVE/issues/14 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 0

Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code execution. • https://github.com/setersora/pe6208 • CWE-284: Improper Access Control

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

This could lead to remote code execution by parsing untrusted XML payload. XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference