Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sub vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-1852
ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote malicious users to cause a denial of service (crash) via certain requests that specify a large number of sub-arguments, which triggers a NULL pointer dereference due to m...
Hp Openview Network Node Manager 7.51
Hp Openview Network Node Manager 7.53
NA
CVE-2014-8376
Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module prior to 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML vi...
Site Banner Project Site Banner
NA
CVE-2014-8379
Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module prior to 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Webform or (2) User sub-modules...
Marketo Ma Project Marketo Ma
NA
CVE-2023-4563
Rejected reason: This was assigned as a duplicate of CVE-2023-4244.
2 Github repositories
NA
CVE-2024-3289
When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions before 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-defau...
NA
CVE-2012-3516
The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to ...
Citrix Xenserver
Xen Xen 4.2.0
6.1
CVSSv3
CVE-2017-6397
An issue exists in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several *-sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the v...
Flightairmap Flightairmap 1.0
NA
CVE-2009-3156
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x prior to 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML v...
Drupal Drupal
Karen Stevenson Date 6.x-1.0-beta
Karen Stevenson Date 6.x-1.x-dev
Karen Stevenson Date 6.x-2.0
Karen Stevenson Date 6.x-2.0-beta
Karen Stevenson Date 6.x-2.0-beta2
Karen Stevenson Date 6.x-2.0-beta3
Karen Stevenson Date 6.x-2.0-beta4
Karen Stevenson Date 6.x-2.1
Karen Stevenson Date 6.x-2.2
NA
CVE-2013-4212
Certain getText methods in the ActionSupport controller in Apache Roller prior to 5.0.2 allow remote malicious users to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login...
Apache Roller 4.0.1
Apache Roller
Apache Roller 4.0
Apache Roller 5.0
1 EDB exploit
1 Github repository
5.4
CVSSv3
CVE-2023-3509
An issue has been discovered in GitLab affecting all versions prior to 16.7.6, all versions starting from 16.8 prior to 16.8.3, all versions starting from 16.9 prior to 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible ...
Gitlab Gitlab 16.9.0
Gitlab Gitlab
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »