Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web services vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-11204
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information ...
Tibco Spotfire Statistics Services
Tibco Spotfire Statistics Services 10.0.0
NA
CVE-2010-0715
Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 up to and including 5.1.0.5, 6.0.0.0 up to and including 6.0.0.4, 6.0.1.0 up to and including 6.0.1.7, 6.1.0.0 up to an...
Ibm Websphere Portal 6.0.0.0
Ibm Websphere Portal 6.0.0.1
Ibm Websphere Portal 6.0.1.1
Ibm Websphere Portal 6.0.1.2
Ibm Websphere Portal 6.1.0.1
Ibm Websphere Portal 6.1.0.2
Ibm Websphere Portal 6.1.0.3
Ibm Websphere Portal 6.0.0.2
Ibm Websphere Portal 5.1.0.4
Ibm Websphere Portal 6.0.1.3
Ibm Websphere Portal 6.0.1.4
Ibm Websphere Portal 6.1.5.0
Ibm Websphere Portal 5.1.0.3
Ibm Websphere Portal 5.1.0.2
Ibm Websphere Portal 5.1.0.1
Ibm Websphere Portal 6.0.0.3
Ibm Websphere Portal 6.0.1.5
Ibm Websphere Portal 6.0.1.6
Ibm Websphere Portal 5.1.0.0
Ibm Websphere Portal 5.1.0.5
Ibm Websphere Portal 6.0.0.4
Ibm Websphere Portal 6.0.1.0
9.8
CVSSv3
CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Apache Struts
Oracle Financial Services Market Risk Measurement And Management 8.0.6
Oracle Communications Policy Management 12.5.0
Oracle Financial Services Data Integration Hub 8.0.6
Oracle Financial Services Data Integration Hub 8.0.3
Oracle Mysql Enterprise Monitor
10 Github repositories
1 Article
NA
CVE-2014-1816
Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote malicious users to discover (1) full pathnames on the client system and (2) local usernames embedded in th...
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 6.0
NA
CVE-2006-1369
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and previous versions prior to 20060308 allows remote malicious users to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances.
Invision Power Services Invision Power Board 2.1 Alpha2
Invision Power Services Invision Power Board 2.1
Invision Power Services Invision Power Board 2.1.5
9.8
CVSSv3
CVE-2019-1976
A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote malicious user to access sensitive information on an affected device. The vulnerability is due to improper access restri...
Cisco Industrial Network Director
Cisco Network Level Service 1.6\\(0.369\\)
NA
CVE-2006-4685
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 up to and including 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted malicious users to access content from other domains.
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 6.0
Microsoft Xml Parser 2.6
Microsoft Xml Core Services 3.0
NA
CVE-2002-1149
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
Invision Power Services Invision Board 1.0.1
Invision Power Services Invision Board 1.0
NA
CVE-2006-4686
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 up to and including 6.0 allows remote malicious users to execute arbitrary code via a crafted Web page.
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 6.0
Microsoft Xml Parser 2.6
9.8
CVSSv3
CVE-2017-7658
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the ...
Eclipse Jetty
Debian Debian Linux 9.0
Oracle Retail Xstore Point Of Service 15.0
Oracle Retail Xstore Point Of Service 7.1
Oracle Retail Xstore Point Of Service 16.0
Oracle Retail Xstore Payment 3.3
Oracle Retail Xstore Point Of Service 17.0
Oracle Rest Data Services 12.2.0.1
Oracle Rest Data Services 12.1.0.2
Oracle Rest Data Services 11.2.0.4
Oracle Rest Data Services 18c
Hp Xp P9000 Command View
Netapp Snap Creator Framework -
Netapp Santricity Cloud Connector -
Netapp Snapcenter -
Netapp Snapmanager -
Netapp E-series Santricity Web Services -
Netapp E-series Santricity Management -
Netapp E-series Santricity Os Controller
Netapp Oncommand System Manager
Netapp Solidfire -
Netapp Hci Management Node -
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »