Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weather vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2022-45291
PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endp...
Pwsdashboard Personal Weather Station Dashboard -
NA
CVE-2007-3891
Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote malicious users to execute arbitrary code via crafted HTML attributes.
Microsoft Windows Vista
NA
CVE-2008-5770
Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO.
Phpweather Phpweather 2.2.2
1 EDB exploit
1 Github repository
NA
CVE-2008-5771
Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the language parameter.
Phpweather Phpweather 2.2.2
1 EDB exploit
3.3
CVSSv3
CVE-2023-30715
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows malicious users to access location information set in Weather without permission.
Samsung Android 11.0
Samsung Android 12.0
Samsung Android 13.0
9.8
CVSSv3
CVE-2018-6012
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an malicious user to inject arbitrary Python code via the 'Add new weather data source' upload function.
Rainmachine Mini-8 Firmware
5.5
CVSSv3
CVE-2022-28780
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.
Google Android 10.0
Google Android 11.0
Google Android 12.0
NA
CVE-2004-2473
wmFrog weather monitor 0.1.6 and other versions prior to 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Wmfrog Wmfrog 0.1.6
9.1
CVSSv3
CVE-2022-35122
An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated malicious users to access sensitive information including device and local WiFi passwords.
Ecowitt Gw1100 Firmware
8.8
CVSSv3
CVE-2018-18877
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device.
Columbiaweather Weather Microserver Firmware Ms 2.6.9900
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »