Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xen1thlabs vulnerabilities and exploits
(subscribe to this query)
8.3
CVSSv3
CVE-2019-7229
The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission ...
Abb Board Support Package Un31
Abb Cp620 Firmware
Abb Cp620-web Firmware
Abb Cp630 Firmware
Abb Cp630-web Firmware
Abb Cp635 Firmware
Abb Cp635-b Firmware
Abb Cp635-web Firmware
7.5
CVSSv3
CVE-2019-11889
Sony BRAVIA Smart TV devices allow remote malicious users to cause a denial of service (device hang) via a crafted web page over HbbTV.
Sony Bravia Firmware -
8.1
CVSSv3
CVE-2019-11336
Sony Bravia Smart TV devices allow remote malicious users to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886.
Sony Photo Sharing Plus
NA
CVE-2019-1189
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none
7.5
CVSSv3
CVE-2019-11890
Sony Bravia Smart TV devices allow remote malicious users to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN.
Sony Bravia Firmware -
5.9
CVSSv3
CVE-2019-10886
An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an malicious user to read arbitrary files without authentication over HTTP when Photo Sha...
Sony Photo Sharing Plus
6.4
CVSSv3
CVE-2020-8838
An issue exists in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by provi...
Zohocorp Manageengine Assetexplorer 6.5
9.8
CVSSv3
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus before 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an malicious user to bypass authentication for this server and execute all operations in the context of admin user.
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Datasecurity Plus
7.2
CVSSv3
CVE-2019-19034
Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an malicious user to execute arbitrary commands on the AssetExplorer Server with N...
Zohocorp Manageengine Assetexplorer 6.5
8.8
CVSSv3
CVE-2020-11531
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus before 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated malicious user to execute code in the context of the product by writing a JS...
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Datasecurity Plus
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started