Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dhiraj mishra vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-0186
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file
Apache Pluto 3.0.0
Apache Pluto 3.0.1
6.8
CVSSv2
CVE-2017-6328
The Symantec Messaging Gateway prior to 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user t...
Symantec Message Gateway
1 EDB exploit
7.5
CVSSv2
CVE-2018-18957
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.
Mz-automation Libiec61850 1.3
1 EDB exploit
4.3
CVSSv2
CVE-2018-6849
In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
Duckduckgo Duckduckgo 4.2.0
1 EDB exploit
5
CVSSv2
CVE-2017-17692
Samsung Internet Browser 5.4.02.3 allows remote malicious users to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property.
Samsung Internet Browser 5.4.02.3
1 EDB exploit
6.8
CVSSv2
CVE-2019-12137
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.
Typora Typora 0.9.9.24.6
5
CVSSv2
CVE-2018-11396
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) up to and including 3.28.2.1 allows remote malicious users to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
Gnome Epiphany
1 Github repository
5
CVSSv2
CVE-2018-11646
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ up to and including 2.21.3, mishandle an unset pageURL, leading to an application crash.
Webkitgtk Webkitgtk\\+
2 EDB exploits
5
CVSSv2
CVE-2017-1000028
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
Oracle Glassfish Server 4.1
3 EDB exploits
2 Github repositories
5
CVSSv2
CVE-2018-14912
cgit_clone_objects in CGit prior to 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
Cgit Project Cgit
Debian Debian Linux 9.0
Debian Debian Linux 8.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »