Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web services vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-11204
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information ...
Tibco Spotfire Statistics Services
Tibco Spotfire Statistics Services 10.0.0
6.8
CVSSv2
CVE-2010-0715
Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 up to and including 5.1.0.5, 6.0.0.0 up to and including 6.0.0.4, 6.0.1.0 up to and including 6.0.1.7, 6.1.0.0 up to an...
Ibm Websphere Portal 6.0.0.0
Ibm Websphere Portal 6.0.0.1
Ibm Websphere Portal 6.0.1.1
Ibm Websphere Portal 6.0.1.2
Ibm Websphere Portal 6.1.0.1
Ibm Websphere Portal 6.1.0.2
Ibm Websphere Portal 6.1.0.3
Ibm Websphere Portal 6.0.0.2
Ibm Websphere Portal 5.1.0.4
Ibm Websphere Portal 6.0.1.3
Ibm Websphere Portal 6.0.1.4
Ibm Websphere Portal 6.1.5.0
Ibm Websphere Portal 5.1.0.3
Ibm Websphere Portal 5.1.0.2
Ibm Websphere Portal 5.1.0.1
Ibm Websphere Portal 6.0.0.3
Ibm Websphere Portal 6.0.1.5
Ibm Websphere Portal 6.0.1.6
Ibm Websphere Portal 5.1.0.0
Ibm Websphere Portal 5.1.0.5
Ibm Websphere Portal 6.0.0.4
Ibm Websphere Portal 6.0.1.0
7.5
CVSSv2
CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Apache Struts
Oracle Financial Services Market Risk Measurement And Management 8.0.6
Oracle Communications Policy Management 12.5.0
Oracle Financial Services Data Integration Hub 8.0.6
Oracle Financial Services Data Integration Hub 8.0.3
Oracle Mysql Enterprise Monitor
10 Github repositories
1 Article
4.3
CVSSv2
CVE-2014-1816
Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote malicious users to discover (1) full pathnames on the client system and (2) local usernames embedded in th...
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 6.0
6.8
CVSSv2
CVE-2006-1369
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and previous versions prior to 20060308 allows remote malicious users to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances.
Invision Power Services Invision Power Board 2.1 Alpha2
Invision Power Services Invision Power Board 2.1
Invision Power Services Invision Power Board 2.1.5
5
CVSSv2
CVE-2019-1976
A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote malicious user to access sensitive information on an affected device. The vulnerability is due to improper access restri...
Cisco Industrial Network Director
Cisco Network Level Service 1.6\\(0.369\\)
2.6
CVSSv2
CVE-2006-4685
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 up to and including 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted malicious users to access content from other domains.
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 6.0
Microsoft Xml Parser 2.6
Microsoft Xml Core Services 3.0
5
CVSSv2
CVE-2002-1149
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
Invision Power Services Invision Board 1.0.1
Invision Power Services Invision Board 1.0
7.5
CVSSv2
CVE-2006-4686
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 up to and including 6.0 allows remote malicious users to execute arbitrary code via a crafted Web page.
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 6.0
Microsoft Xml Parser 2.6
3.5
CVSSv2
CVE-2017-3180
Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context o...
Tibco Spotfire Automation Services
Tibco Spotfire Automation Services 7.0.0
Tibco Spotfire Automation Services 7.0.1
Tibco Spotfire Connectors 7.6.0
Tibco Spotfire Desktop Language Packs
Tibco Spotfire Desktop Language Packs 7.5.0
Tibco Spotfire Desktop Language Packs 7.6.0
Tibco Spotfire Desktop Language Packs 7.7.0
Tibco Spotfire Analyst 7.6.0
Tibco Spotfire Analytics Platform For Aws
Tibco Spotfire Deployment Kit
Tibco Spotfire Deployment Kit 7.0.1
Tibco Spotfire Deployment Kit 7.6.0
Tibco Spotfire Desktop 7.5.0
Tibco Spotfire Desktop 7.7.0
Tibco Spotfire Professional 7.0.0
Tibco Spotfire Web Player
Tibco Silver Fabric Enabler For Spotfire Web Player
Tibco Spotfire Deployment Kit 7.7.0
Tibco Spotfire Desktop
Tibco Spotfire Desktop 7.0.0
Tibco Spotfire Desktop 7.0.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »