servers vulnerabilities and exploits

(subscribe to this query)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions before 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from...

Roxy-wi Roxy-wi

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computat...

Openssl Openssl 3.0.4 Netapp Snapcenter -Netapp H410c Firmware -Netapp H300s Firmware -Netapp H500s Firmware -Netapp H700s Firmware -Netapp H410s Firmware -

3 Github repositories

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not dis...

1 Github repository1 Article

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the ...

7 Github repositories1 Article

H2 Console prior to 2.1.210 allows remote malicious users to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.

H2database H2 Debian Debian Linux 9.0 Debian Debian Linux 10.0 Debian Debian Linux 11.0 Oracle Communications Cloud Native Core Console 1.9.0

5 Github repositories

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited thr...

H2database H2 Debian Debian Linux 9.0 Debian Debian Linux 10.0 Debian Debian Linux 11.0 Oracle Communications Cloud Native Core Policy 1.15.0

8 Github repositories

The Zscaler Client Connector for Windows before 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges.

Zscaler Client Connector

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server 2013 Microsoft Exchange Server 2019 Microsoft Exchange Server 2016

17 Github repositories10 Articles

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 an...

Ncr Command Center Agent 16.3

2 Github repositories

Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote malicious user to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied in...

Cisco Enterprise Nfv Infrastructure Software Cisco Integrated Management Controller

1 2 3 4 5 6 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook