Vulmon
weak vulnerabilities and exploits
NA
CVE-2008-4102
Joomla! 1.5 prior to 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for malicious users to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008...
Joomla Joomla 1.5
Joomla Joomla 1.5.1
Joomla Joomla 1.5.2
Joomla Joomla 1.5.3
Joomla Joomla 1.5.4
Joomla Joomla 1.5.5
Joomla Joomla 1.5.6
7.8
CVSSv3
CVE-2020-15264
The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged...
Chocolatey Boxstarter
7.8
CVSSv3
CVE-2018-7581
\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin.
Weblogexpert Weblog Expert 9.4
1 EDB exploit
NA
CVE-2011-0766
The random number generator in the Crypto application prior to 2.0.2.2, and SSH prior to 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote malicious users to guess DSA host and SSH sessio...
Ssh Ssh
Erlang Erlang/otp R14b01
Erlang Erlang/otp R14b
Erlang Erlang/otp R11b-5
Erlang Erlang/otp R13b03
Erlang Erlang/otp R13b
Erlang Erlang/otp R12b-5
Erlang Erlang/otp R13b04
Erlang Erlang/otp R13b02-1
Erlang Erlang/otp R14a
Erlang Crypto
Erlang Erlang/otp R14b02
9.8
CVSSv3
CVE-2020-11720
An issue exists in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this password.
Bilanc Bilanc
4.4
CVSSv3
CVE-2022-0022
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-...
Paloaltonetworks Pan-os
NA
CVE-2000-1164
WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.
Att Winvnc 3.3.3
Att Winvnc 3.3.3r7
7.8
CVSSv3
CVE-2018-9233
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for malicious users to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow...
Sophos Endpoint Protection 10.7
1 EDB exploit
NA
CVE-2009-4235
acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.
Tim Hockin Acpid 1.0.4
NA
CVE-2011-5095
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle malicious users to obtain the shared secret key by modifying network traffic, a related issue to ...
Openssl Openssl 0.9.8