Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metasploit.com vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2020-35606
Arbitrary command execution can occur in Webmin up to and including 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-1...
Webmin Webmin
4 Github repositories
10
CVSSv2
CVE-2015-3435
Samsung Security Manager (SSM) prior to 1.31 allows remote malicious users to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.
Samsung Samsung Security Manager
7.5
CVSSv2
CVE-2022-22831
An issue exists in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.
Servisnet Tessa 0.0.2
5
CVSSv2
CVE-2022-22833
An issue exists in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.
Servisnet Tessa 0.0.2
NA
CVE-2016-5641
This Metasploit module generates a Open API Specification 2.0 (Swagger) compliant json document that includes payload insertion points in parameters. In order for the payload to be executed, an attacker must convince someone to generate code from a specially modified swagger.json...
1 Article
7.5
CVSSv2
CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
Fortilogger Fortilogger
1 Github repository
NA
CVE-2024-2389
In Flowmon versions before 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
2 Github repositories
1 Article
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed an other room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
1 Github repository
9.3
CVSSv2
CVE-2010-0806
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote malicious users to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in ...
Microsoft Internet Explorer 7
Microsoft Windows 2003 Server
Microsoft Windows Server 2003
Microsoft Windows Xp
Microsoft Windows Xp -
Microsoft Windows Server 2008
Microsoft Windows Server 2008 -
Microsoft Windows Vista
Microsoft Internet Explorer 6
Microsoft Windows 2000
2 EDB exploits
12 Articles
7.5
CVSSv2
CVE-2014-6446
The Infusionsoft Gravity Forms plugin 1.5.3 up to and including 1.5.10 for WordPress does not properly restrict access, which allows remote malicious users to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.10
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.3
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.4
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.5
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4.2
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.6
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7.2
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.8
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.8.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.3
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.5
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.2
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »