Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
esri arcgis for server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-9741
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Esri Arcgis For Desktop
Esri Arcgis For Engine
Esri Arcgis For Server
NA
CVE-2014-5121
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Esri Arcgis For Server 10.1.1
NA
CVE-2014-5122
Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login.
Esri Arcgis For Server 10.1.1
7.5
CVSSv3
CVE-2022-38203
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated malicious user to forge requests to arbitrary URLs from the system, potentially lead...
Esri Portal For Arcgis
7.5
CVSSv3
CVE-2022-38211
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated malicious user to forge requests to arbitrary URLs from the system, potentially lead...
Esri Portal For Arcgis
7.5
CVSSv3
CVE-2022-38212
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated malicious user to forge requests to arbitrary URLs from the system, potentially lead...
Esri Portal For Arcgis
NA
CVE-2013-7232
SQL injection vulnerability in ESRI ArcGIS for Server up to and including 10.2 allows remote malicious users to execute arbitrary SQL commands via unspecified input to the map or feature service.
Esri Arcgis 10.1
Esri Arcgis
NA
CVE-2013-7231
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.
Esri Arcgis 10.1
Esri Arcgis 10.2
NA
CVE-2013-5221
The mobile-upload feature in Esri ArcGIS for Server 10.1 up to and including 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.
Esri Arcgis 10.2
Esri Arcgis 10.1
NA
CVE-2012-4949
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
Esri Arcgis 10.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »