Vulmon
a vulnerabilities and exploits
NA
CVE-2023-20853
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt...
Aenrich A+hrd 6.8.1039v844
5
CVSSv2
CVE-2015-6355
The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote malicious users to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226.
Cisco Unified Computing System 2.2(5b)a
6.8
CVSSv2
CVE-2010-1454
com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 prior to 6.0.20.D, and 6.0.25.A prior to 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote m...
Vmware Tc Server 6.0.25.a
Vmware Tc Server 6.0.20.a
Vmware Tc Server 6.0.19.a
Vmware Tc Server 6.0.20
Vmware Tc Server 6.0.20.b
Vmware Tc Server 6.0.20.c
Vmware Tc Server 6.0.19
3.3
CVSSv2
CVE-2007-4590
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors.
Hp Dynrootdisk A.1.0.16.417
Hp Dynrootdisk A.2.0.0.592
Hp Dynrootdisk A.1.0.18.245
Hp Dynrootdisk A.1.1.0.344
Hp Hp-ux 11.23
Hp Hp-ux 11.31
Hp Hp-ux 11.11
Hp Ignite-ux C.7.1.92
Hp Ignite-ux C.7.2.93
Hp Ignite-ux C.7.3.144
Hp Ignite-ux C.7.0.212
5
CVSSv2
CVE-2003-1541
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt.
Planetmoon Guestbook Tr3.a.1
1 EDB exploit
7.5
CVSSv2
CVE-2007-4207
SQL injection vulnerability in admin_console/index.asp in Gallery In A Box allows remote malicious users to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: these fields might be associated with the txtUsername and txtPassword parameters.
Kerberosdev Gallery In A Box
4.3
CVSSv2
CVE-2006-1657
Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ivey N.T. 1.1.0 allows remote malicious users to inject arbitrary web script or HTML via the username parameter, which is not filtered when the administrator views the "Login Log" page.
Chucky A. Ivey N.t. 1.1.0
NA
CVE-2023-2079
The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This ...
Buymeacoffee Buy Me A Coffee
NA
CVE-2023-2578
The Buy Me a Coffee WordPress plugin prior to 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisit...
Buymeacoffee Buy Me A Coffee
7.2
CVSSv2
CVE-2000-0296
fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck.
Michael A. Gumienny Fcheck 2.7.45