Vulmon
configuration as code vulnerabilities and exploits
NA
CVE-2021-4295
A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the compone...
Healthit Code-validator-api
10
CVSSv2
CVE-2019-4716
IBM Planning Analytics 2.0.0 up to and including 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.
Ibm Planning Analytics
4.4
CVSSv2
CVE-2014-0039
Untrusted search path vulnerability in fwsnort prior to 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.
Cipherdyne Fwsnort 1.6.1
Cipherdyne Fwsnort 1.6
Cipherdyne Fwsnort 1.5
Cipherdyne Fwsnort 1.0
Cipherdyne Fwsnort 0.9.0
Cipherdyne Fwsnort 0.6.3
Cipherdyne Fwsnort 0.6.2
Cipherdyne Fwsnort
Cipherdyne Fwsnort 1.0.4
Cipherdyne Fwsnort 1.0.3
Cipherdyne Fwsnort 0.8.0
Cipherdyne Fwsnort 0.7.0
Cipherdyne Fwsnort 0.5
Cipherdyne Fwsnort 1.0.6
Cipherdyne Fwsnort 1.0.5
Cipherdyne Fwsnort 0.8.2
Cipherdyne Fwsnort 0.8.1
Cipherdyne Fwsnort 0.6.1
Cipherdyne Fwsnort 0.6
Cipherdyne Fwsnort 1.6.3
Cipherdyne Fwsnort 1.6.2
Cipherdyne Fwsnort 1.0.2
5
CVSSv2
CVE-2020-3452
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote malicious user to conduct directory traversal attacks and read sensitive files on a targeted ...
Cisco Adaptive Security Appliance Software
Cisco Firepower Threat Defense
59 Github repositories
2 Articles
NA
CVE-2023-20273
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote malicious user to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending c...
Cisco Ios Xe
2 Metasploit modules
4 Github repositories
1 Article
NA
CVE-2023-20198
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previou...
Cisco Ios Xe
3 Metasploit modules
34 Github repositories
1 Article
7.8
CVSSv2
CVE-2020-3436
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote malicious user to upload arbitrary-sized files to specific folders on an affected device, which could ...
Cisco Firepower Threat Defense
Cisco Adaptive Security Appliance
Cisco Firepower Threat Defense 6.6.0
Cisco Adaptive Security Appliance Software
5
CVSSv2
CVE-2005-0186
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote malicious users to cause a denial of service (device reboot) via a malformed packet to the SCCP port.
Cisco Ios 12.1yd
Cisco Ios 12.2t
Cisco Ios 12.3
Cisco Ios 12.3t
5
CVSSv2
CVE-2016-2381
Perl might allow context-dependent malicious users to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
Perl Perl
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Oracle Communications Billing And Revenue Management 7.5
Oracle Configuration Manager
Oracle Configuration Manager 12.1.2.0.6
Oracle Database Server 11.2.0.4
Oracle Database Server 12.1.0.2
Oracle Database Server 12.2.0.1
Oracle Database Server 18c
Oracle Database Server 19c
Oracle Enterprise Manager Base Platform 13.2.0.0.0
Oracle Enterprise Manager Base Platform 13.3.0.0.0
Oracle Timesten In-memory Database
Oracle Solaris 11.3
Opensuse Opensuse 13.2
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.10
7.5
CVSSv2
CVE-2021-38647
Open Management Infrastructure Remote Code Execution Vulnerability
Microsoft System Center Operations Manager -
Microsoft Azure Automation State Configuration -
Microsoft Azure Automation Update Management -
Microsoft Azure Diagnostics (lad) -
Microsoft Azure Open Management Infrastructure -
Microsoft Azure Security Center -
Microsoft Azure Sentinel -
Microsoft Azure Stack Hub -
Microsoft Container Monitoring Solution -
Microsoft Log Analytics Agent -
1 Metasploit module
22 Github repositories
2 Articles