Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
k2 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2015-7299
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote malicious users to execute arbitrary SQL commands via the xml parameter.
Nintex K2 Blackpearl 4.6.7
Nintex K2 For Sharepoint 4.6.7
Nintex K2 Smartforms 4.6.7
6.4
CVSSv2
CVE-2018-9920
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.
K2 Smartforms 4.6.11
5
CVSSv2
CVE-2018-7482
The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an malicious user to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specifi...
Joomlaworks K2 2.8.0
7.5
CVSSv2
CVE-2009-2395
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and previous versions for Joomla! allows remote malicious users to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
Joomlaworks Com K2
1 EDB exploit
NA
CVE-2023-40796
Phicomm k2 v22.6.529.216 exists to contain a command injection vulnerability via the function luci.sys.call.
Phicomm K2 Firmware 22.6.529.216
NA
CVE-2022-48070
Phicomm K2 v22.6.534.263 exists to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
Phicomm K2 Firmware 22.6.534.263
NA
CVE-2022-48072
Phicomm K2G v22.6.3.20 exists to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
Phicomm K2 Firmware 22.6.3.20
NA
CVE-2022-48071
Phicomm K2 v22.6.534.263 exists to store the root and admin passwords in plaintext.
Phicomm K2 Firmware 22.6.534.263
NA
CVE-2022-48073
Phicomm K2G v22.6.3.20 exists to store the root and admin passwords in plaintext.
Phicomm K2 Firmware 22.6.534.263
9
CVSSv2
CVE-2017-11495
PHICOMM K2(PSG1218) devices V22.5.11.5 and previous versions allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.
Phicomm K2(psg1218)-firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »