Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hyp3rlinx vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-6944
Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote malicious users to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp.
Jsp\\/mysql Administrador Web Project Jsp\\/mysql Administrador Web 1.0
1 EDB exploit
NA
CVE-2015-6973
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote malicious users to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafte...
Igniterealtime Openfire 3.10.2
1 EDB exploit
NA
CVE-2015-6517
Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote malicious users to hijack the authentication of users for requests that drop database tables via the droptable parameter to phpliteadmin.php.
Phpliteadmin Project Phpliteadmin 1.1
1 EDB exploit
NA
CVE-2015-5354
Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.
Novius-os Novius Os 5.0.1
1 EDB exploit
5.5
CVSSv3
CVE-2020-6857
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.
Taskautomation Carbonftp 1.4
4.9
CVSSv3
CVE-2016-4314
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp.
Wso2 Carbon 4.4.5
1 EDB exploit
8.8
CVSSv3
CVE-2017-7615
MantisBT up to and including 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
Mantisbt Mantisbt
1 EDB exploit
NA
CVE-2024-25734
An issue exists on WyreStorm Apollo VX20 devices prior to 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote malicious users to enumerate user accounts.
NA
CVE-2024-25735
An issue exists on WyreStorm Apollo VX20 devices prior to 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.
1 Github repository
NA
CVE-2024-25736
An issue exists on WyreStorm Apollo VX20 devices prior to 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »