Vulmon
click project click - vulnerabilities and exploits
8.8
CVSSv3
CVE-2019-17590
The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via social engineer...
Csrf Magic Project Csrf Magic
5.4
CVSSv3
CVE-2022-39207
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the w...
Onedev Project Onedev
NA
CVE-2006-4732
Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object.
Microsoft Visual Basic 6.0
5.5
CVSSv3
CVE-2017-5223
An issue exists in PHPMailer prior to 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directo...
Phpmailer Project Phpmailer
1 EDB exploit
86 Github repositories
7.5
CVSSv3
CVE-2021-32982
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.
Automationdirect C0-10dd1e-d Firmware
Automationdirect C0-10dd2e-d Firmware
Automationdirect C0-10dre-d Firmware
Automationdirect C0-10are-d Firmware
Automationdirect C0-11dd1e-d Firmware
Automationdirect C0-11dd2e-d Firmware
Automationdirect C0-11dre-d Firmware
Automationdirect C0-11are-d Firmware
Automationdirect C0-12dd1e-d Firmware
Automationdirect C0-12dd2e-d Firmware
Automationdirect C0-12dre-d Firmware
Automationdirect C0-12are-d Firmware
Automationdirect C0-12dd1e-1-d Firmware
Automationdirect C0-12dd2e-1-d Firmware
Automationdirect C0-12dre-1-d Firmware
Automationdirect C0-12are-1-d Firmware
Automationdirect C0-12dd1e-2-d Firmware
Automationdirect C0-12dd2e-2-d Firmware
Automationdirect C0-12dre-2-d Firmware
Automationdirect C0-12are-2-d Firmware
7.8
CVSSv3
CVE-2020-7474
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious ...
Schneider-electric Pmepxm0100 Prosoft Configurator
9.8
CVSSv3
CVE-2021-32984
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and...
Automationdirect C0-10dd1e-d Firmware
Automationdirect C0-10dd2e-d Firmware
Automationdirect C0-10dre-d Firmware
Automationdirect C0-10are-d Firmware
Automationdirect C0-11dd1e-d Firmware
Automationdirect C0-11dd2e-d Firmware
Automationdirect C0-11dre-d Firmware
Automationdirect C0-11are-d Firmware
Automationdirect C0-12dd1e-d Firmware
Automationdirect C0-12dd2e-d Firmware
Automationdirect C0-12dre-d Firmware
Automationdirect C0-12are-d Firmware
Automationdirect C0-12dd1e-1-d Firmware
Automationdirect C0-12dd2e-1-d Firmware
Automationdirect C0-12dre-1-d Firmware
Automationdirect C0-12are-1-d Firmware
Automationdirect C0-12dd1e-2-d Firmware
Automationdirect C0-12dd2e-2-d Firmware
Automationdirect C0-12dre-2-d Firmware
Automationdirect C0-12are-2-d Firmware
9.8
CVSSv3
CVE-2016-10045
The isMail transport in PHPMailer prior to 5.2.20 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the ...
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla!
3 EDB exploits
90 Github repositories
8.6
CVSSv3
CVE-2016-6368
A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition due to the Snort process unexpectedly resta...
Cisco Firepower Management Center 6.0.0.0
Cisco Firepower Management Center 6.0.0
Cisco Firepower Management Center 6.0.0.1
Cisco Firepower Management Center 6.0.1
9.8
CVSSv3
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer prior to 5.2.18 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla!
9 EDB exploits
119 Github repositories