Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aloyce j. makalanga vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-17968
A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and previous versions could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.
Xi-soft Nettransport Download Manager
1 EDB exploit
6.1
CVSSv3
CVE-2017-17752
Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4.
Codecrafters Ability Mail Server 3.3.2
1 EDB exploit
6.1
CVSSv3
CVE-2017-17933
cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.
Netwin Surgeftp 23f2
6.1
CVSSv3
CVE-2019-9557
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.
Codecrafters Ability Mail Server 4.2.6
7.8
CVSSv3
CVE-2018-20331
Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ATool v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x...
Antiy Anti Virus Lab Atool 1.0.0.22
6.1
CVSSv3
CVE-2018-6944
core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
Ultimatemember Ultimate Member 2.0
6.1
CVSSv3
CVE-2019-9558
Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.
Mailtraq Webmail 2.17.7.3550
6.1
CVSSv3
CVE-2018-6943
core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
Ultimatemember Ultimatemember 2.0
9.8
CVSSv3
CVE-2017-17849
A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and previous versions could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.
Getgosoft Getgo Download Manager
2 EDB exploits
9.8
CVSSv3
CVE-2017-17932
A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and previous versions that could allow remote malicious users to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888.
Allmediaserver Allmediaserver
3 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started