Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
h00die-gr3y vulnerabilities and exploits
(subscribe to this query)
791
VMScore
CVE-2020-28871
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
Monitorr Monitorr 1.7.6m
1 Metasploit module
2 Github repositories
NA
CVE-2023-41892
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations prior to 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Craftcms Craft Cms
1 Metasploit module
5 Github repositories
NA
CVE-2022-24989
TerraMaster NAS up to and including 4.2.30 allows remote WAN malicious users to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because pop...
Terra-master Terramaster Operating System
1 Metasploit module
NA
CVE-2022-24990
TerraMaster NAS 4.2.29 and previous versions allows remote malicious users to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
Terra-master Terramaster Operating System
1 Metasploit module
5 Github repositories
NA
CVE-2024-2054
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
1 Metasploit module
1 Github repository
1000
VMScore
CVE-2019-7256
Linear eMerge E3-Series devices allow Command Injections.
Nortekcontrol Linear Emerge Essential Firmware
Nortekcontrol Linear Emerge Elite Firmware
1 Metasploit module
1000
VMScore
CVE-2019-7276
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
Optergy Proton
Optergy Enterprise
1 EDB exploit
1 Metasploit module
1 Github repository
NA
CVE-2024-24725
Gibbon up to and including 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.
1 Metasploit module
NA
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful explo...
Flir Flir Ax8 Firmware
1 Metasploit module
835
VMScore
CVE-2017-7921
An Improper Authentication issue exists in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 buil...
Hikvision Ds-2cd2732f-i\\(s\\) Firmware -
Hikvision Ds-2cd2712f-i\\(s\\) Firmware -
Hikvision Ds-2cd2212-i5 Firmware -
Hikvision Ds-2cd2232-i5 Firmware -
Hikvision Ds-2cd4012f-\\(a\\) Firmware -
Hikvision Ds-2cd4012f-\\(p\\) Firmware -
Hikvision Ds-2cd4032fwd-\\(w\\) Firmware -
Hikvision Ds-2cd4112f-i\\(z\\) Firmware -
Hikvision Ds-2cd4112fwd-i\\(z\\) Firmware -
Hikvision Ds-2cd4212f-i\\(h\\) Firmware -
Hikvision Ds-2cd4212f-i\\(s\\) Firmware -
Hikvision Ds-2cd4312f-i\\(z\\) Firmware -
Hikvision Ds-2cd4312f-i\\(h\\) Firmware -
Hikvision Ds-2cd2412f-i\\(w\\) Firmware -
Hikvision Ds-2cd2432f-i\\(w\\) Firmware -
Hikvision Ds-2cd2112-i Firmware -
Hikvision Ds-2cd2032-i Firmware -
Hikvision Ds-2cd4012fwd-\\(p\\) Firmware -
Hikvision Ds-2cd4012fwd-\\(w\\) Firmware -
Hikvision Ds-2cd4032fwd-\\(a\\) Firmware -
Hikvision Ds-2cd4032fwd-\\(p\\) Firmware -
Hikvision Ds-2cd4132fwd-i\\(z\\) Firmware -
2 Metasploit modules
17 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »