dan crowley vulnerabilities and exploits
9.8
CVSSv3
CVE-2013-4864
MiCasaVerde VeraLite with firmware 1.5.408 allows remote malicious users to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue.
Micasaverde Veralite Firmware 1.5.408
1 EDB exploit
8.8
CVSSv3
CVE-2013-4863
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote malicious users to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a...
Micasaverde Veralite Firmware 1.5.408
2 EDB exploits
1 Github repository
8.1
CVSSv3
CVE-2013-4862
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.
Micasaverde Veralite Firmware 1.5.408
1 EDB exploit
6.5
CVSSv3
CVE-2013-4861
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
Micasaverde Veralite Firmware 1.5.408
1 EDB exploit
6.5
CVSSv3
CVE-2013-4865
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote malicious users to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.
Micasaverde Veralite Firmware 1.5.408
1 EDB exploit
6.3
CVSSv3
CVE-2013-4867
Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking
Ea Karotz Smart Rabbit Firmware 12.07.19.00
1 EDB exploit
5.3
CVSSv3
CVE-2013-4868
Karotz API 12.07.19.00: Session Token Information Disclosure
Karotz Api 12.07.19.00
1 EDB exploit
NA
CVE-2013-4866
The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate malicious users to trigger physical resource consumption (water or heat) or user discomfort.
Lixil My Satis Genius Toilet -
NA
CVE-2013-4860
Radio Thermostat CT80 and CT50 with firmware 1.4.64 and previous versions do not restrict access to the API, which allows remote malicious users to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors.
Radiothermostat Ct50 Firmware
Radiothermostat Ct50 -
Radiothermostat Ct80 Firmware
Radiothermostat Ct80 -
NA
CVE-2005-0945
Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote malicious users to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags.
Asp Press Acs Blog 1.1.1
1 EDB exploit