Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolev farhi vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2014-6607
M/Monit 3.3.2 and previous versions does not verify the original password before changing passwords, which allows remote malicious users to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-640...
Mmonit M\\/monit
1 EDB exploit
685
VMScore
CVE-2014-6409
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.
Mmonit M\\/monit
1 EDB exploit
605
VMScore
CVE-2015-8368
ntopng (aka ntop) prior to 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
Ntop Ntopng
1 EDB exploit
405
VMScore
CVE-2014-3225
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x up to and including 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
Cobblerd Cobbler 2.6.0
Cobblerd Cobbler 2.4.4
Cobblerd Cobbler 2.4.1
Cobblerd Cobbler 2.4.0
Cobblerd Cobbler 2.4.3
Cobblerd Cobbler 2.4.2
1 EDB exploit
435
VMScore
CVE-2014-6070
Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer prior to 3.6.6 allow remote malicious users to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php.
Adiscon Loganalyzer 3.6.0
Adiscon Loganalyzer 3.6.4
Adiscon Loganalyzer
Adiscon Loganalyzer 3.6.1
Adiscon Loganalyzer 3.6.2
Adiscon Loganalyzer 3.6.3
1 EDB exploit
435
VMScore
CVE-2014-3738
Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote malicious users to inject arbitrary web script or HTML via the title of a device.
Zenoss Zenoss 4.2.5
1 EDB exploit
355
VMScore
CVE-2014-3740
Cross-site scripting (XSS) vulnerability in SpiceWorks prior to 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.
Spiceworks Spiceworks
Spiceworks Spiceworks 7.2.00189
Spiceworks Spiceworks 7.2.00174
1 EDB exploit
685
VMScore
CVE-2014-7190
Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote malicious users to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html.
Openfiler Openfiler 2.99.1
1 EDB exploit
561
VMScore
CVE-2014-4199
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation up to and including 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.
Vmware Workstation 10.0.1
Vmware Workstation 10.0.2
Vmware Workstation
Vmware Tools
Vmware Workstation 10.0
Vmware Vm-support 0.88
418
VMScore
CVE-2014-4200
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation up to and including 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.
Vmware Workstation 10.0.2
Vmware Workstation
Vmware Workstation 10.0
Vmware Workstation 10.0.1
Vmware Vm-support 0.88
Vmware Tools
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »