Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weather vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-45291
PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endp...
Pwsdashboard Personal Weather Station Dashboard -
605
VMScore
CVE-2007-3891
Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote malicious users to execute arbitrary code via crafted HTML attributes.
Microsoft Windows Vista
435
VMScore
CVE-2008-5770
Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO.
Phpweather Phpweather 2.2.2
1 EDB exploit
1 Github repository
755
VMScore
CVE-2008-5771
Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the language parameter.
Phpweather Phpweather 2.2.2
1 EDB exploit
NA
CVE-2023-30715
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows malicious users to access location information set in Weather without permission.
Samsung Android 11.0
Samsung Android 12.0
Samsung Android 13.0
668
VMScore
CVE-2018-6012
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an malicious user to inject arbitrary Python code via the 'Add new weather data source' upload function.
Rainmachine Mini-8 Firmware
187
VMScore
CVE-2022-28780
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.
Google Android 10.0
Google Android 11.0
Google Android 12.0
107
VMScore
CVE-2004-2473
wmFrog weather monitor 0.1.6 and other versions prior to 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Wmfrog Wmfrog 0.1.6
NA
CVE-2022-35122
An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated malicious users to access sensitive information including device and local WiFi passwords.
Ecowitt Gw1100 Firmware
578
VMScore
CVE-2018-18877
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device.
Columbiaweather Weather Microserver Firmware Ms 2.6.9900
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »