Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2018-15485
An issue exists on KONE Group Controller (KGC) devices prior to 4.6.5. FTP does not require authentication or authorization, aka KONE-03.
Kone Group Controller Firmware
10
CVSSv2
CVE-2018-15484
An issue exists on KONE Group Controller (KGC) devices prior to 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01.
Kone Group Controller Firmware
7.8
CVSSv2
CVE-2018-15483
An issue exists on KONE Group Controller (KGC) devices prior to 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04.
Kone Group Controller Firmware
6.4
CVSSv2
CVE-2018-15486
An issue exists on KONE Group Controller (KGC) devices prior to 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02.
Kone Group Controller Firmware
7.5
CVSSv2
CVE-2013-3294
Multiple SQL injection vulnerabilities in Exponent CMS prior to 2.2.0 release candidate 1 allow remote malicious users to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
Exponentcms Exponent Cms 2.0.8
Exponentcms Exponent Cms 2.0.0
Exponentcms Exponent Cms 2.1.3
Exponentcms Exponent Cms 2.0.6
Exponentcms Exponent Cms 0.98.0
Exponentcms Exponent Cms 2.1.1
Exponentcms Exponent Cms 2.0.3
Exponentcms Exponent Cms 2.0.5
Exponentcms Exponent Cms
Exponentcms Exponent Cms 2.0.9
Exponentcms Exponent Cms 2.1.0
Exponentcms Exponent Cms 2.1.2
Exponentcms Exponent Cms 2.0.4
Exponentcms Exponent Cms 2.1.4
Exponentcms Exponent Cms 0.99.0
Exponentcms Exponent Cms 2.0.7
Exponentcms Exponent Cms 2.0.1
Exponentcms Exponent Cms 2.0.2
Exponentcms Exponent Cms 0.97.0
1 EDB exploit
10
CVSSv2
CVE-2020-16152
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine up to and including 10.0r8a allows malicious users to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to ...
Extremenetworks Aerohive Netconfig 10.0r8a
Extremenetworks Aerohive Netconfig
1 Metasploit module
2 Github repositories
6
CVSSv2
CVE-2013-3238
phpMyAdmin 3.5.x prior to 3.5.8 and 4.x prior to 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
Phpmyadmin Phpmyadmin 3.5.4
Phpmyadmin Phpmyadmin 3.5.2.2
Phpmyadmin Phpmyadmin 3.5.6
Phpmyadmin Phpmyadmin 3.5.5
Phpmyadmin Phpmyadmin 3.5.1.0
Phpmyadmin Phpmyadmin 3.5.7
Phpmyadmin Phpmyadmin 3.5.8
Phpmyadmin Phpmyadmin 3.5.3.0
Phpmyadmin Phpmyadmin 3.5.2.1
Phpmyadmin Phpmyadmin 4.0.0
Phpmyadmin Phpmyadmin 3.5.2.0
Phpmyadmin Phpmyadmin 3.5.0.0
2 EDB exploits
3.5
CVSSv2
CVE-2009-3581
Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts ...
Sql-ledger Sql-ledger 2.8.24
6.5
CVSSv2
CVE-2009-3582
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operatio...
Sql-ledger Sql-ledger 2.8.24
5.1
CVSSv2
CVE-2009-3583
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the countrycode field.
Sql-ledger Sql-ledger 2.8.24
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »