www server vulnerabilities and exploits
7.2
CVSSv2
CVE-2016-2363
Fonality (previously trixbox Pro) 12.6 up to and including 14.1i prior to 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account.
Fonality Fonality 12.6
Fonality Fonality 14.1i
Fonality Fonality 12.8
NA
CVE-2024-30270
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions before 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the `...
2.1
CVSSv2
CVE-2017-5595
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated malicious user to read local system files (e.g., /etc/passwd) in the context of ...
Zoneminder Zoneminder
5
CVSSv2
CVE-2005-2917
Squid 2.5.STABLE10 and previous versions, while performing NTLM authentication, does not properly handle certain request sequences, which allows malicious users to cause a denial of service (daemon restart).
Squid Squid 2.5.9
Squid Squid
7.5
CVSSv2
CVE-2005-1854
Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote malicious users to execute arbitrary commands on the caching server.
Debian Apt-cacher 0.9.9
Debian Apt-cacher 0.9.4
NA
CVE-2023-45867
ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrie...
Ilias Ilias 7.25
NA
CVE-2023-47636
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the malicious user to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injecti...
Pimcore Admin Classic Bundle
7.5
CVSSv2
CVE-2020-28871
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
Monitorr Monitorr 1.7.6m
2 Github repositories
10
CVSSv2
CVE-2005-3656
Multiple format string vulnerabilities in logging functions in mod_auth_pgsql prior to 2.0.3, when used for user authentication against a PostgreSQL database, allow remote unauthenticated malicious users to execute arbitrary code, as demonstrated via the username.
Guiseppe Tanzilli And Matthias Eckermann Mod Auth Pgsql 0.9.5
Guiseppe Tanzilli And Matthias Eckermann Mod Auth Pgsql 0.9.6
Guiseppe Tanzilli And Matthias Eckermann Mod Auth Pgsql
6.2
CVSSv2
CVE-2002-0658
OSSP mm library (libmm) prior to 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
Ossp Mm 1.0.0
Ossp Mm 1.0.1
Ossp Mm 1.0.5
Ossp Mm 1.0.6
Ossp Mm 1.0.12
Ossp Mm 1.0.2
Ossp Mm 1.0.9
Ossp Mm 1.1.0
Ossp Mm 1.0.3
Ossp Mm 1.0.4
Ossp Mm 1.1.1
Ossp Mm 1.1.2
Ossp Mm 1.1.3
Ossp Mm 1.0.10
Ossp Mm 1.0.11
Ossp Mm 1.0.7
Ossp Mm 1.0.8
1 EDB exploit