Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
full full - customer vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2017-6679
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for re...
Cisco Umbrella
NA
CVE-2023-3126
The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or cus...
Webwizards B2bking
10
CVSSv2
CVE-2018-12048
A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the ...
Canon Lbp7110cw Firmware -
10
CVSSv2
CVE-2018-12049
A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps t...
Canon Lbp6030w Firmware -
10
CVSSv2
CVE-2018-11711
A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a cus...
Canon Mf210 Firmware -
Canon Mf220 Firmware -
5
CVSSv2
CVE-2018-11338
Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows malicious users to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vector...
Intuit Lacerte
NA
CVE-2022-28802
Code by Zapier prior to 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all u...
Zapier Code By Zapier
NA
CVE-2023-39420
The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routine inside the DLL file. Once reverse-engineered, this routine can help...
Resortdata Internet Reservation Module Next Generation 5.3.2.15
NA
CVE-2023-33187
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which a...
Highlight Highlight
10
CVSSv2
CVE-2017-3222
Hard-coded credentials in AmosConnect 8 allow remote malicious users to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.
Inmarsat Amosconnect 8.0
Inmarsat Amosconnect 8.0.1
Inmarsat Amosconnect 8.0.2
Inmarsat Amosconnect 8.2.0
Inmarsat Amosconnect 8.2.1
Inmarsat Amosconnect 8.2.2
Inmarsat Amosconnect 8.3.0
Inmarsat Amosconnect 8.3.1
Inmarsat Amosconnect 8.4.0
Inmarsat Amosconnect 8.4.0.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »