Vulmon
webapp vulnerabilities and exploits
NA
CVE-2013-3500
The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent malicious users to bypass intended filesystem restrictions by leveraging access to a Gro...
Gwos Groundwork Monitor 6.7.0
NA
CVE-2013-3501
Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) the foundation-webapp/admin/ directory, (2) the NeDi component, or (3) the Noma component.
Gwos Groundwork Monitor 6.7.0
8.8
CVSSv3
CVE-2018-6186
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
Citrix Netscaler 12.0
6.1
CVSSv3
CVE-2015-8797
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr prior to 5.3.1 allows remote malicious users to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.
Apache Solr
9.8
CVSSv3
CVE-2024-22108
An issue exists in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known v...
Gttb Gtb Central Console 15.17.1-30814.ng
NA
CVE-2001-0824
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote malicious users to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error ...
Ibm Websphere Application Server 3.0.2
Ibm Websphere Application Server 3.5
6.1
CVSSv3
CVE-2017-7998
Multiple cross-site scripting (XSS) vulnerabilities in Gespage prior to 7.4.9 allow remote malicious users to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin panel or (2) username parameter to webapp/users/user_reg.jsp.
Gespage Gespage
7.2
CVSSv3
CVE-2024-22107
An issue exists in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attac...
Gttb Gtb Central Console 15.17.1-30814.ng
9.8
CVSSv3
CVE-2018-19971
JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.
Jfrog Artifactory 6.5.9
NA
CVE-2009-4612
Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x up to and including 6.1.21 allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, a...
Mortbay Jetty 6.1.15
Mortbay Jetty 6.1.12
Mortbay Jetty 6.1.14
Mortbay Jetty 6.1.6
Mortbay Jetty 6.1.5
Mortbay Jetty 6.1.2
Mortbay Jetty 6.1.1
Mortbay Jetty 6.1.16
Mortbay Jetty 6.1.7
Mortbay Jetty 6.1.20
Mortbay Jetty 6.1.0
Mortbay Jetty 6.1.21
Mortbay Jetty 6.1.9
Mortbay Jetty 6.1.10
Mortbay Jetty 6.1.4
Mortbay Jetty 6.1.3
Mortbay Jetty 6.1.19
Mortbay Jetty 6.1.11
Mortbay Jetty 6.1.8
1 EDB exploit