Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
call to action vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-3206
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data ...
Exadel Flamingo 2.2.0
7.5
CVSSv2
CVE-2017-3207
The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1.1.0, derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to...
Themidnightcoders Weborb For Java 5.1.1.0
7.5
CVSSv2
CVE-2017-3208
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive da...
Themidnightcoders Weborb For Java 5.1.1.0
9.3
CVSSv2
CVE-2010-1527
Stack-based buffer overflow in Novell iPrint Client prior to 5.44 allows remote malicious users to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action.
Novell Iprint 4.34
Novell Iprint 4.36
Novell Iprint 5.40
Novell Iprint
Novell Iprint 4.26
Novell Iprint 4.38
Novell Iprint 5.04
Novell Iprint 4.27
Novell Iprint 4.28
Novell Iprint 5.30
Novell Iprint 5.32
Novell Iprint 4.30
Novell Iprint 4.32
Novell Iprint 5.20b
Novell Iprint 5.12
2 EDB exploits
7.5
CVSSv2
CVE-2005-3591
Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and previous versions and (2) libflashplayer.so prior to 7.0.25.0 (Unix) allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction Acti...
Macromedia Flash Player 6.0
Macromedia Flash Player 7.0 R19
Macromedia Flash Player 6.0.79.0
Macromedia Flash Player 7.0.19.0
Macromedia Flash Player 6.0.47.0
Macromedia Flash Player 6.0.65.0
Macromedia Flash Player 6.0.29.0
Macromedia Flash Player 6.0.40.0
1 EDB exploit
5.5
CVSSv2
CVE-2016-2340
The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an X...
Graniteds Granite Data Services 3.1.1-snapshot
7.5
CVSSv2
CVE-2021-24867
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were upd...
Accesspressthemes Accessbuddy 1.0.0
Accesspressthemes Accesspress Anonymous Post 2.8.0
Accesspressthemes Accesspress Basic 3.2.1
Accesspressthemes Accesspress Custom Css 2.0.1
Accesspressthemes Accesspress Custom Post Type 1.0.8
Accesspressthemes Accesspress Ifeeds 4.0.3
Accesspressthemes Accesspress Lite 2.92
Accesspressthemes Accesspress Mag 2.6.5
Accesspressthemes Accesspress Parallax 4.5
Accesspressthemes Accesspress Ray 1.19.5
Accesspressthemes Accesspress Root 2.5
Accesspressthemes Accesspress Social Counter 1.9.1
Accesspressthemes Accesspress Social Icons 1.8.2
Accesspressthemes Accesspress Social Login Lite 3.4.7
Accesspressthemes Accesspress Social Share 4.5.5
Accesspressthemes Accesspress Staple 1.9.1
Accesspressthemes Accesspress Store 2.4.9
Accesspressthemes Agency Lite 1.1.6
Accesspressthemes Ap Companion
Accesspressthemes Ap Contact Form 1.0.6
Accesspressthemes Ap Custom Testimonial 1.4.6
Accesspressthemes Ap Mega Menu 3.0.5
5
CVSSv2
CVE-2015-3269
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x prior to 3.0.0.354170, 4.5 prior to 4.5.1.354169, 4.6.2 prior to 4.6.2.354169, and 4.7 prior to 4.7.0.354169 and other products, allows remote malicious users to read arbitrary f...
Hp Business Service Management
Adobe Livecycle Data Services 3.0
Adobe Livecycle Data Services 4.5
Adobe Livecycle Data Services 4.6
Adobe Livecycle Data Services 4.7
3 Articles
7.5
CVSSv2
CVE-2017-5641
Previous versions of Apache Flex BlazeDS (4.7.2 and previous versions) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unkno...
Apache Flex Blazeds
Hp Xp Command View Advanced Edition
5
CVSSv2
CVE-2018-17143
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
Golang Net
Fedoraproject Fedora 28
Fedoraproject Fedora 29
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »