Page 455 of 45886 results (0.184 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI FlexLogger. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://ni.com/r/CVE-2024-4044 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/z-downloads/wordpress-z-downloads-plugin-1-11-3-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Antes de v1.10.3-lts, había muchas inyecciones de comandos en el proyecto y algunas de ellas no estaban bien filtradas, lo que provocaba escrituras de archivos arbitrarias y, en última instancia, RCE. El símbolo de escritura de configuración espejo `>` se puede utilizar para lograr la escritura de archivos arbitraria. • https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075 • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for authenticated attackers, with Instructor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.5/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L98 https://plugins.trac.wordpress.org/changeset/3083657 https://www.wordfence.com/threat-intel/vulnerabilities/id/ec20d5c4-4c41-4ec9-8d0a-ec8f03634f7d?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •