Vulmon
steele vulnerabilities and exploits
VMScore: 668
CVE-2005-1960
The getemails function in C.J. Steele Tattle allows remote malicious users to execute arbitrary commands via shell metacharacters in certain log entries, as demonstrated using shell metacharacters in an FTP username.
VMScore: 645
CVE-2000-1132
DCForum cgforum.cgi CGI script allows remote malicious users to read arbitrary files, and delete the program itself, via a malformed "forum" variable.
Dcscripts Dcforum 2.0
Dcscripts Dcforum 1.0
Dcscripts Dcforum 3.0
Dcscripts Dcforum 5.0
Dcscripts Dcforum 6.0
Dcscripts Dcforum 4.0
1 EDB exploit
VMScore: 505
CVE-2001-1170
AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote malicious users to steal account and PIN numbers.
Amtote International Homebet
1 EDB exploit
VMScore: 505
CVE-2001-1528
AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote malicious users to determine the existence of valid account numbers via a brute force attack.
Amtote Homebet -
1 EDB exploit
VMScore: 466
CVE-2011-4642
mappy.py in Splunk Web in Splunk 4.2.x prior to 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as d...
Splunk Splunk 4.2.3
Splunk Splunk 4.2.2
Splunk Splunk 4.2
Splunk Splunk 4.2.4
Splunk Splunk 4.2.1
1 EDB exploit
3 Github repositories
VMScore: 935
CVE-2011-4644
Splunk 4.2.5 and previous versions, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote malicious users to (1) read arbitrary files via a management-console se...
Splunk Splunk 3.3.1
Splunk Splunk 4.0.4
Splunk Splunk 2.1
Splunk Splunk 3.3.4
Splunk Splunk 3.0
Splunk Splunk 4.0.6
Splunk Splunk 4.1.2
Splunk Splunk 3.2
Splunk Splunk 4.1.1
Splunk Splunk 4.2.3
Splunk Splunk 4.0
Splunk Splunk 3.4.13
Splunk Splunk 3.0.1
Splunk Splunk 3.3.2
Splunk Splunk 4.2.2
Splunk Splunk 3.4.9
Splunk Splunk 4.0.3
Splunk Splunk 4.1.8
Splunk Splunk 3.4.10
Splunk Splunk 4.1.3
Splunk Splunk 3.4.8
Splunk Splunk 3.2.3
1 EDB exploit
VMScore: 405
CVE-2011-4643
Multiple directory traversal vulnerabilities in Splunk 4.x prior to 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243.
Splunk Splunk 4.0.4
Splunk Splunk 4.0.6
Splunk Splunk 4.1.2
Splunk Splunk 4.1.1
Splunk Splunk 4.2.3
Splunk Splunk 4.0
Splunk Splunk 4.2.2
Splunk Splunk 4.0.3
Splunk Splunk 4.1.8
Splunk Splunk 4.1.3
Splunk Splunk 4.2
Splunk Splunk 4.0.8
Splunk Splunk 4.0.5
Splunk Splunk 4.1.5
Splunk Splunk 4.0.9
Splunk Splunk 4.0.11
Splunk Splunk 4.2.4
Splunk Splunk 4.0.10
Splunk Splunk 4.1.7
Splunk Splunk 4.1.4
Splunk Splunk 4.1
Splunk Splunk 4.0.1
1 EDB exploit
NA
CVE-2011-4779
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4642. Reason: This candidate is a reservation duplicate of CVE-2011-4642. Notes: All CVE users should reference CVE-2011-4642 instead of this candidate. All references and descriptions in this candidate have ...
1 EDB exploit
VMScore: 755
CVE-2013-0209
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x up to and including 4.38 does not require authentication for requests to database-migration functions, which allows remote malicious users to conduct eval injection and SQL injection attacks via crafted parameters,...
Sixapart Movable Type 4.33
Sixapart Movable Type 4.34
Sixapart Movable Type 4.24
Sixapart Movable Type 4.291
Sixapart Movable Type 4.23
Sixapart Movable Type 4.36
Sixapart Movable Type 4.261
Sixapart Movable Type 4.35
Sixapart Movable Type 4.29
Sixapart Movable Type 4.292
Sixapart Movable Type 4.26
Sixapart Movable Type 4.38
Sixapart Movable Type 4.37
Sixapart Movable Type 4.21
Sixapart Movable Type 4.27
Sixapart Movable Type 4.28
Sixapart Movable Type 4.32
Sixapart Movable Type 4.25
Sixapart Movable Type 4.31
Sixapart Movable Type 4.361
Sixapart Movable Type 4.22
1 EDB exploit
VMScore: 796
CVE-2000-0884
IIS 4.0 and 5.0 allows remote malicious users to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
9 EDB exploits
2 Github repositories