Page 75 of 35344 results (0.347 seconds)

CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0

Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution. • https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest https://servicedesk.logpoint.com/hc/en-us/articles/21968851138461-Remote-Code-Execution-RCE-in-EventHub-Collector https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 3.8EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. ... A successful exploit could allow the attacker to upload custom files to arbitrary locations on the underlying operating system, execute arbitrary code, and elevate privileges to root. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. ... La explotación exitosa de esta vulnerabilidad podría permitir que un atacante remoto autenticado cree archivos arbitrarios, lo que podría provocar una ejecución remota de comandos (RCE) en el sistema operativo subyacente. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. ... La explotación exitosa de esta vulnerabilidad podría permitir que un atacante remoto autenticado cree archivos arbitrarios, lo que podría provocar una ejecución remota de comandos (RCE) en el sistema operativo subyacente. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system. Existe una vulnerabilidad de inyección de comandos autenticados en la interfaz de línea de comandos de Instant AOS-8 y AOS-10. Una explotación exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar comandos arbitrarios como un usuario privilegiado en el sistema operativo subyacente. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •