Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
http server vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2018-5997
An issue exists in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root.
Ravpower Filehub Firmware 2.000.056
1 EDB exploit
1000
VMScore
CVE-2017-16934
The web server on DBL DBLTek devices allows remote malicious users to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp re...
Dbltek Web Server -
1 EDB exploit
1000
VMScore
CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB prior to 1.7.0 and 2.x prior to 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including ...
Apache Couchdb
Apache Couchdb 2.0.0
2 EDB exploits
6 Github repositories
1000
VMScore
CVE-2017-7269
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote malicious users to execute arbitrary code via a long header beginning with "If: <http://" in a PROP...
Microsoft Internet Information Server 6.0
2 EDB exploits
22 Github repositories
2 Articles
1000
VMScore
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x prior to 2.3.32 and 2.5.x prior to 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote malicious users to execute arbitrary commands via a crafted Content-Typ...
Apache Struts 2.3.5
Apache Struts 2.3.28
Apache Struts 2.3.20.2
Apache Struts 2.3.15
Apache Struts 2.3.25
Apache Struts 2.3.14
Apache Struts 2.3.13
Apache Struts 2.3.16
Apache Struts 2.3.24.2
Apache Struts 2.3.17
Apache Struts 2.3.24.1
Apache Struts 2.3.22
Apache Struts 2.3.9
Apache Struts 2.3.16.3
Apache Struts 2.3.23
Apache Struts 2.3.6
Apache Struts 2.3.24.3
Apache Struts 2.3.15.2
Apache Struts 2.3.29
Apache Struts 2.3.14.3
Apache Struts 2.3.19
Apache Struts 2.3.20.1
2 EDB exploits
2 Nmap scripts
148 Github repositories
15 Articles
1000
VMScore
CVE-2016-3987
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
Trendmicro Password Manager -
1 EDB exploit
1000
VMScore
CVE-2015-1635
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote malicious users to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 8.1 -
Microsoft Windows 7 -
Microsoft Windows 8 -
Microsoft Windows Server 2012 -
2 EDB exploits
2 Metasploit modules
1 Nmap script
22 Github repositories
2 Articles
1000
VMScore
CVE-2014-9222
AllegroSoft RomPager 4.34 and previous versions, as used in Huawei Home Gateway products and other vendors and products, allows remote malicious users to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
Allegrosoft Rompager
4 Metasploit modules
1 Nmap script
3 Github repositories
2 Articles
1000
VMScore
CVE-2014-6287
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x prior to 2.3c allows remote malicious users to execute arbitrary programs via a %00 sequence in a search action.
Rejetto Http File Server
3 EDB exploits
14 Github repositories
1000
VMScore
CVE-2014-6278
GNU Bash up to and including 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote malicious users to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feat...
Gnu Bash 4.0
Gnu Bash 4.3
Gnu Bash 3.2.48
Gnu Bash 1.14.3
Gnu Bash 4.1
Gnu Bash 2.05
Gnu Bash 1.14.1
Gnu Bash 3.0
Gnu Bash 2.01
Gnu Bash 2.04
Gnu Bash 2.0
Gnu Bash 2.01.1
Gnu Bash 1.14.7
Gnu Bash 3.1
Gnu Bash 1.14.6
Gnu Bash 1.14.2
Gnu Bash 1.14.4
Gnu Bash 4.2
Gnu Bash 2.02.1
Gnu Bash 3.0.16
Gnu Bash 1.14.5
Gnu Bash 1.14.0
5 EDB exploits
12 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »