Vulmon
h00die-gr3y vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-41892
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations prior to 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Craftcms Craft Cms
1 Metasploit module
5 Github repositories
9.8
CVSSv3
CVE-2020-28871
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
Monitorr Monitorr 1.7.6m
1 Metasploit module
2 Github repositories
9.8
CVSSv3
CVE-2022-24989
TerraMaster NAS up to and including 4.2.30 allows remote WAN malicious users to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because pop...
Terra-master Terramaster Operating System
1 Metasploit module
7.5
CVSSv3
CVE-2022-24990
TerraMaster NAS 4.2.29 and previous versions allows remote malicious users to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
Terra-master Terramaster Operating System
1 Metasploit module
5 Github repositories
NA
CVE-2024-2054
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
1 Metasploit module
1 Github repository
9.8
CVSSv3
CVE-2019-7276
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
Optergy Proton
Optergy Enterprise
1 EDB exploit
1 Metasploit module
1 Github repository
10
CVSSv3
CVE-2019-7256
Linear eMerge E3-Series devices allow Command Injections.
Nortekcontrol Linear Emerge Essential Firmware
Nortekcontrol Linear Emerge Elite Firmware
1 Metasploit module
9.8
CVSSv3
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful explo...
Flir Flir Ax8 Firmware
1 Metasploit module
NA
CVE-2024-24725
Gibbon up to and including 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.
1 Metasploit module
10
CVSSv3
CVE-2017-7921
An Improper Authentication issue exists in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 buil...
Hikvision Ds-2cd2732f-i(s) Firmware -
Hikvision Ds-2cd2712f-i(s) Firmware -
Hikvision Ds-2cd2212-i5 Firmware -
Hikvision Ds-2cd2232-i5 Firmware -
Hikvision Ds-2cd4012f-(a) Firmware -
Hikvision Ds-2cd4012f-(p) Firmware -
Hikvision Ds-2cd4032fwd-(w) Firmware -
Hikvision Ds-2cd4112f-i(z) Firmware -
Hikvision Ds-2cd4112fwd-i(z) Firmware -
Hikvision Ds-2cd4212f-i(h) Firmware -
Hikvision Ds-2cd4212f-i(s) Firmware -
Hikvision Ds-2cd4312f-i(z) Firmware -
Hikvision Ds-2cd4312f-i(h) Firmware -
Hikvision Ds-2cd2412f-i(w) Firmware -
Hikvision Ds-2cd2432f-i(w) Firmware -
Hikvision Ds-2cd2112-i Firmware -
Hikvision Ds-2cd2032-i Firmware -
Hikvision Ds-2cd4012fwd-(p) Firmware -
Hikvision Ds-2cd4012fwd-(w) Firmware -
Hikvision Ds-2cd4032fwd-(a) Firmware -
Hikvision Ds-2cd4032fwd-(p) Firmware -
Hikvision Ds-2cd4132fwd-i(z) Firmware -
2 Metasploit modules
17 Github repositories