CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1151 CVE-2020-7357 78 Exec Code 2020-08-06 2020-08-11
9.0
None Remote Low ??? Complete Complete Complete
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.
1152 CVE-2020-7356 89 Exec Code Sql 2020-08-06 2020-08-12
10.0
None Remote Low Not required Complete Complete Complete
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.
1153 CVE-2020-7351 78 Exec Code 2020-05-01 2020-05-06
9.0
None Remote Low ??? Complete Complete Complete
An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected.
1154 CVE-2020-7247 252 Exec Code 2020-01-29 2021-04-06
10.0
None Remote Low Not required Complete Complete Complete
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
1155 CVE-2020-7244 78 Exec Code 2020-01-20 2020-01-24
9.0
None Remote Low ??? Complete Complete Complete
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
1156 CVE-2020-7243 78 Exec Code 2020-01-20 2020-01-24
9.0
None Remote Low ??? Complete Complete Complete
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
1157 CVE-2020-7242 78 Exec Code 2020-01-20 2020-01-24
9.0
None Remote Low ??? Complete Complete Complete
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
1158 CVE-2020-7240 78 Exec Code 2020-01-20 2020-02-05
9.0
None Remote Low ??? Complete Complete Complete
** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated super-user account using a webUI function that allows super users to edit a script supposed to execute OS commands. The given weakness enumeration (CWE-78) is not applicable in this case as it refers to abusing functions/input fields not supposed to be accepting OS commands by using 'Special Elements.'
1159 CVE-2020-7237 78 Exec Code 2020-01-20 2020-02-19
9.0
None Remote Low ??? Complete Complete Complete
Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.
1160 CVE-2020-7233 798 2020-01-19 2020-01-29
10.0
None Remote Low Not required Complete Complete Complete
KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file.
1161 CVE-2020-7199 287 DoS Exec Code +Priv Bypass 2020-12-02 2020-12-04
10.0
None Remote Low Not required Complete Complete Complete
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.
1162 CVE-2020-7195 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1163 CVE-2020-7194 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1164 CVE-2020-7193 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1165 CVE-2020-7192 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1166 CVE-2020-7191 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1167 CVE-2020-7190 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1168 CVE-2020-7189 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1169 CVE-2020-7188 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1170 CVE-2020-7187 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1171 CVE-2020-7186 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1172 CVE-2020-7185 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1173 CVE-2020-7184 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1174 CVE-2020-7183 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1175 CVE-2020-7182 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1176 CVE-2020-7181 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1177 CVE-2020-7180 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1178 CVE-2020-7179 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1179 CVE-2020-7178 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1180 CVE-2020-7177 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1181 CVE-2020-7176 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1182 CVE-2020-7175 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1183 CVE-2020-7174 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1184 CVE-2020-7173 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1185 CVE-2020-7172 74 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1186 CVE-2020-7171 74 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1187 CVE-2020-7170 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1188 CVE-2020-7169 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1189 CVE-2020-7168 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1190 CVE-2020-7167 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1191 CVE-2020-7166 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1192 CVE-2020-7165 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1193 CVE-2020-7164 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1194 CVE-2020-7163 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1195 CVE-2020-7162 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1196 CVE-2020-7161 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1197 CVE-2020-7160 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1198 CVE-2020-7159 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1199 CVE-2020-7158 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1200 CVE-2020-7157 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.