Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
knowledge vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-37558
A SQL injection vulnerability in a MediaWiki script in Centreon prior to 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated malicious users to execute arbitrary SQL commands via the host_name and service_description parameters. The vulnerability can be exploited only wh...
Centreon Centreon
6.1
CVSSv3
CVE-2019-14350
EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation.
Espocrm Espocrm 5.6.4
9.8
CVSSv3
CVE-2014-3445
backup.php in HandsomeWeb SOS Webpages prior to 1.1.12 does not require knowledge of the cleartext password, which allows remote malicious users to bypass authentication by leveraging knowledge of the administrator password hash.
Handsomeweb Sos Webpages
6.8
CVSSv3
CVE-2014-5040
HP Helion Eucalyptus 4.1.x prior to 4.1.2 and HPE Helion Eucalyptus 4.2.x prior to 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leve...
Eucalyptus Eucalyptus 4.1.1
Eucalyptus Eucalyptus 4.2.0
4.3
CVSSv3
CVE-2023-37890
Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This issue affects KB Support – WordPr...
Liquidweb Kb Support
NA
CVE-2014-3945
The Authentication component in TYPO3 prior to 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote malicious users to bypass authentication and gain access to the backend by le...
Typo3 Typo3 4.7.5
Typo3 Typo3 4.2.10
Typo3 Typo3 4.3.6
Typo3 Typo3 4.7.8
Typo3 Typo3 4.1.11
Typo3 Typo3 4.5.30
Typo3 Typo3 4.1.1
Typo3 Typo3 4.7.17
Typo3 Typo3 4.5.3
Typo3 Typo3 4.6.16
Typo3 Typo3 4.5.27
Typo3 Typo3 4.2.14
Typo3 Typo3 4.3.5
Typo3 Typo3 4.5.9
Typo3 Typo3 4.3.8
Typo3 Typo3 4.5.12
Typo3 Typo3 6.0.11
Typo3 Typo3 6.0.1
Typo3 Typo3 4.2.4
Typo3 Typo3 4.1
Typo3 Typo3 4.5.24
Typo3 Typo3 6.1.3
7.5
CVSSv3
CVE-2021-32937
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and writ...
Auvesy-mdt Autosave
Auvesy-mdt Autosave For System Platform
Auvesy-mdt Autosave For System Platform 5.00
9.8
CVSSv3
CVE-2018-19392
Cobham Satcom Sailor 250 and 500 devices prior to 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All th...
Cobham Satcom Sailor 250 Firmware
Cobham Satcom Sailor 500 Firmware
8.1
CVSSv3
CVE-2015-5246
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.
Theforeman Foreman 1.9.0
8.1
CVSSv3
CVE-2017-6343
The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote malicious users to obtain login access by leveraging knowledge of the MD5 Admin Hash w...
Dahuasecurity Camera Firmware 2.400.0000.28.r
Dahuasecurity Nvr Firmware 3.210.0001.10
Dahuasecurity Smartpss Firmware 1.16.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »