Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aaron bishop vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-10719
BlogEngine.NET 3.3.7.0 and previous versions allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714...
Dotnetblogengine Blogengine.net
4
CVSSv2
CVE-2020-11680
Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying t...
Castel Nextgen Dvr Firmware 1.0.0
4.3
CVSSv2
CVE-2020-11682
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all reque...
Castel Nextgen Dvr Firmware 1.0.0
4.3
CVSSv2
CVE-2019-17115
Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server up to and including 4.2.0-b2047 allow remote malicious users to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The rendered_message column is retrieved and displaye...
Wikidsystems Two Factor Authentication Enterprise Server
6.5
CVSSv2
CVE-2019-17117
A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server up to and including 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter.
Wikidsystems 2fa Enterprise Server 3.5.0
Wikidsystems 2fa Enterprise Server 3.4.85
Wikidsystems 2fa Enterprise Server 4.0
Wikidsystems 2fa Enterprise Server 4.0.1
Wikidsystems 2fa Enterprise Server 4.1.0
Wikidsystems 2fa Enterprise Server 4.2.0
Wikidsystems 2fa Enterprise Server 4.0.2
Wikidsystems 2fa Enterprise Server 3.4.87
Wikidsystems 2fa Enterprise Server 3.6.0
Wikidsystems 2fa Enterprise Server 3.4.81
6.8
CVSSv2
CVE-2019-17118
A CSRF issue in WiKID 2FA Enterprise Server up to and including 4.2.0-b2053 allows a remote malicious user to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or di...
Wikidsystems 2fa Enterprise Server 3.4.87
Wikidsystems 2fa Enterprise Server 3.5.0
Wikidsystems 2fa Enterprise Server 3.6.0
Wikidsystems 2fa Enterprise Server 4.0.1
Wikidsystems 2fa Enterprise Server 4.0.2
Wikidsystems 2fa Enterprise Server 4.2.0
Wikidsystems 2fa Enterprise Server 3.4.81
Wikidsystems 2fa Enterprise Server 3.4.85
Wikidsystems 2fa Enterprise Server 4.1.0
Wikidsystems 2fa Enterprise Server 4.0
6.5
CVSSv2
CVE-2019-17119
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server up to and including 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter.
Wikidsystems Two Factor Authentication Enterprise Server
6.5
CVSSv2
CVE-2019-10720
BlogEngine.NET 3.3.7.0 and previous versions allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
Blogengine Blogengine.net
4.3
CVSSv2
CVE-2020-5497
The OpenID Connect reference implementation for MITREid Connect up to and including 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.
Mitreid Connect
5
CVSSv2
CVE-2019-10718
BlogEngine.NET 3.3.7.0 and previous versions allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs.
Dotnetblogengine Blogengine.net
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »