Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
knowledge vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2014-3445
backup.php in HandsomeWeb SOS Webpages prior to 1.1.12 does not require knowledge of the cleartext password, which allows remote malicious users to bypass authentication by leveraging knowledge of the administrator password hash.
Handsomeweb Sos Webpages
4
CVSSv2
CVE-2014-3945
The Authentication component in TYPO3 prior to 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote malicious users to bypass authentication and gain access to the backend by le...
Typo3 Typo3 4.0.0
Typo3 Typo3 4.0.1
Typo3 Typo3 4.0.10
Typo3 Typo3 4.0
Typo3 Typo3 4.0.12
Typo3 Typo3 4.0.2
Typo3 Typo3 4.0.4
Typo3 Typo3 4.0.9
Typo3 Typo3 4.1.0
Typo3 Typo3 4.1.15
Typo3 Typo3 4.1.3
Typo3 Typo3 4.1.8
Typo3 Typo3 4.2
Typo3 Typo3 4.2.1
Typo3 Typo3 4.2.14
Typo3 Typo3 4.2.16
Typo3 Typo3 4.2.7
Typo3 Typo3 4.2.9
Typo3 Typo3 4.3.13
Typo3 Typo3 4.3.2
Typo3 Typo3 4.3.7
Typo3 Typo3 4.3.9
NA
CVE-2023-37890
Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This issue affects KB Support – WordPr...
Liquidweb Kb Support
4.6
CVSSv2
CVE-2014-5040
HP Helion Eucalyptus 4.1.x prior to 4.1.2 and HPE Helion Eucalyptus 4.2.x prior to 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leve...
Eucalyptus Eucalyptus 4.1.1
Eucalyptus Eucalyptus 4.2.0
5
CVSSv2
CVE-2021-32937
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and writ...
Auvesy-mdt Autosave
Auvesy-mdt Autosave For System Platform
Auvesy-mdt Autosave For System Platform 5.00
5
CVSSv2
CVE-2018-19392
Cobham Satcom Sailor 250 and 500 devices prior to 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All th...
Cobham Satcom Sailor 250 Firmware
Cobham Satcom Sailor 500 Firmware
9.3
CVSSv2
CVE-2017-6343
The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote malicious users to obtain login access by leveraging knowledge of the MD5 Admin Hash w...
Dahuasecurity Nvr Firmware 3.210.0001.10
Dahuasecurity Smartpss Firmware 1.16.1
Dahuasecurity Camera Firmware 2.400.0000.28.r
6.8
CVSSv2
CVE-2015-5246
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.
Theforeman Foreman 1.9.0
10
CVSSv2
CVE-2005-3653
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway prior to 4.0.051230, allows remote malicious users to execute arbitrary code via an HTTP request with a negative Content-Length field.
Broadcom Brightstor Arcserve Backup 11.1
Broadcom Brightstor Arcserve Backup 11.5
Ca Brightstor Enterprise Backup 10.5
Broadcom Brightstor Portal 11.1
Broadcom Brightstor Storage Resource Manager 6.4
Broadcom Etrust Admin 8.1
Ca Etrust Directory 8.1 Web Components
Broadcom Etrust Identity Minder 8.0
Ca Unicenter Exchange Management Console 11.0
Ca Unicenter Management 11.0
Ca Unicenter Service Fulfillment 11.0
Broadcom Unicenter Service Fulfillment 2.2
Broadcom Brightstor Arcserve Backup Laptops Desktops 11.0
Broadcom Brightstor Arcserve Backup Laptops Desktops 11.1
Broadcom Brightstor San Manager 11.5
Broadcom Brightstor Storage Resource Manager 11.1
Broadcom Etrust Audit Aries 8.0
Broadcom Etrust Audit Irecorder 1.5
Ca Unicenter Application Performance Monitor 11.0
Ca Unicenter Application Server Managment 11.0
Broadcom Unicenter Asset Portfolio Management 11.0
Ca Unicenter Service Catalog Fulfillment Accounting 11.0
7.5
CVSSv2
CVE-2016-0726
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote malicious users to obtain access by leveraging knowledge of the credentials.
Nagios Nagios -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27842
CVE-2024-30657
CVE-2024-4534
hardcoded
SSRF
CVE-2024-21683
CVE-2024-5364
file upload
CVE-2024-5371
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »