Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solar vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2022-31537
The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Solar-system-simulator Project Solar-system-simulator
5
CVSSv2
CVE-2015-6469
The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote malicious users to discover script source code via unspecified vectors.
Ibc Solar Danfoss Tlx Pro+ -
Ibc Solar Servemaster Tlp+ -
5
CVSSv2
CVE-2015-6474
IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote malicious users to discover cleartext passwords by reading HTML source code.
Ibc Solar Danfoss Tlx Pro+ -
Ibc Solar Servemaster Tlp+ -
4.3
CVSSv2
CVE-2015-6475
Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ibc Solar Danfoss Tlx Pro+ -
Ibc Solar Servemaster Tlp+ -
NA
CVE-2024-1016
A vulnerability was found in Solar FTP Server 2.1.1/2.1.2. It has been declared as problematic. This vulnerability affects unknown code of the component PASV Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been d...
Flexbyte Solar Ftp Server 2.1.2
Flexbyte Solar Ftp Server 2.1.1
4
CVSSv2
CVE-2021-34544
An issue exists in Solar-Log 500 prior to 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device.
Bkw Solar-log 500 Firmware
Bkw Solar-log 500 Firmware 2.8.2
5
CVSSv2
CVE-2021-34543
The web administration server in Solar-Log 500 prior to 2.8.2 Build 52 does not require authentication, which allows remote malicious users to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the syste...
Bkw Solar-log 500 Firmware
Bkw Solar-log 500 Firmware 2.8.2
NA
CVE-2022-1277
Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.
Inavitas Solar Log
7.5
CVSSv2
CVE-2019-11367
An issue exists in AUO Solar Data Recorder prior to 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully.
Auo Solar Data Recorder
3.5
CVSSv2
CVE-2019-11368
Stored XSS exists in AUO Solar Data Recorder prior to 1.3.0 via the protect/config.htm addr parameter.
Auo Solar Data Recorder
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »