Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
on-premise vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-12145
Silver Peak Unity Orchestrator versions before 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances t...
Silver-peak Unity Orchestrator
3.5
CVSSv2
CVE-2020-1063
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
Microsoft Dynamics 365 8.2
Microsoft Dynamics 365 9.0
5
CVSSv2
CVE-2020-8982
An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or ins...
Citrix Sharefile Storagezones Controller 5.9.0
Citrix Sharefile Storagezones Controller 5.8.0
Citrix Sharefile Storagezones Controller 5.7.0
Citrix Sharefile Storagezones Controller 5.6.0
Citrix Sharefile Storagezones Controller
1 Github repository
5
CVSSv2
CVE-2020-8983
An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be...
Citrix Sharefile Storagezones Controller 5.9.0
Citrix Sharefile Storagezones Controller 5.8.0
Citrix Sharefile Storagezones Controller 5.7.0
Citrix Sharefile Storagezones Controller 5.6.0
Citrix Sharefile Storagezones Controller
1 Github repository
10
CVSSv2
CVE-2020-10569
SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may...
Sysaid On-premise 20.1.11
5
CVSSv2
CVE-2020-1018
An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information t...
Microsoft Dynamics Nav 2017
Microsoft Dynamics Nav 2016
Microsoft Dynamics 365 Business Central 2019
Microsoft Dynamics Nav 2015
Microsoft Dynamics Nav 2018
Microsoft Dynamics 365 Business Central -
1 Article
3.5
CVSSv2
CVE-2020-1049
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is ...
Microsoft Dynamics 365 Server 9.0
1 Article
4.3
CVSSv2
CVE-2020-1050
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is ...
Microsoft Dynamics 365 Server 9.0
1 Article
3.5
CVSSv2
CVE-2020-0656
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
Microsoft Dynamics 365 7.0
1 Article
3.5
CVSSv2
CVE-2019-1375
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
Microsoft Dynamics 365
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »