metasploit vulnerabilities and exploits
8.8
CVSSv3
CVE-2019-10867
An issue exists in Pimcore prior to 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controlle...
Pimcore Pimcore
1 EDB exploit
1 Github repository
NA
CVE-2006-1016
Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote malicious users to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.
Microsoft Internet Explorer 6.0
1 EDB exploit
NA
CVE-2008-3979
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not ...
Oracle Database 10g 10.2.0.2
Oracle Database 10g 10.1.0.5
1 EDB exploit
8.8
CVSSv3
CVE-2014-5468
A File Inclusion vulnerability exists in Railo 4.2.1 and previous versions via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.
Getrailo Railo
1 EDB exploit
NA
CVE-2014-5470
ActualAnalyzer - 'ant' Cookie Command Execution (Metasploit)
1 EDB exploit
NA
CVE-2015-7765
ZOHO ManageEngine OpManager 11.5 build 11600 and previous versions uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
Zohocorp Manageengine Opmanager 11.5
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2020-8657
An issue exists in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing a malicious user to calculate/guess the admin access token.
Eyesofnetwork Eyesofnetwork 5.3-0
1 EDB exploit
NA
CVE-2007-5699
Stack-based buffer overflow in eIQNetworks Enterprise Security Analyzer (ESA) 2.5 allows remote malicious users to execute arbitrary code via certain data on TCP port 10616 that results in a long argument to the SEARCHREPORT command, a different vector than CVE-2007-2059.
Eiqnetworks Enterprise Security Analyzer 2.5
1 EDB exploit
NA
CVE-2015-7766
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and previous versions allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
Zohocorp Manageengine Opmanager 11.6
Zohocorp Manageengine Opmanager
1 EDB exploit
NA
CVE-2013-3632
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
Openmediavault Openmediavault -
1 EDB exploit