Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metasploit.com vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-36661
Shibboleth XMLTooling prior to 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)
Shibboleth Xmltooling
Debian Debian Linux 11.0
Debian Debian Linux 12.0
NA
CVE-2024-31819
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote malicious user to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.
1 Github repository
8.8
CVSSv3
CVE-2023-40044
In WS_FTP Server versions before 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
Progress Ws Ftp Server
1 Github repository
8
CVSSv3
CVE-2023-40315
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer....
Opennms Horizon
Opennms Meridian
NA
CVE-2007-2447
The MS-RPC functionality in smbd in Samba 3.0.0 up to and including 3.0.25rc3 allows remote malicious users to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, a...
Samba Samba 3.0.13
Samba Samba 3.0.14
Samba Samba 3.0.2
Samba Samba 3.0.20
Samba Samba 3.0.22
Samba Samba 3.0.23
Samba Samba 3.0.23a
Samba Samba 3.0.25
Samba Samba 3.0.6
Samba Samba 3.0.7
Samba Samba 3.0.0
Samba Samba 3.0.14a
Samba Samba 3.0.15
Samba Samba 3.0.20a
Samba Samba 3.0.20b
Samba Samba 3.0.23b
Samba Samba 3.0.23c
Samba Samba 3.0.2a
Samba Samba 3.0.8
Samba Samba 3.0.9
Samba Samba 3.0.11
Samba Samba 3.0.12
1 EDB exploit
45 Github repositories
NA
CVE-2010-0478
Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote malicious users to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-b...
Microsoft Windows 2000
1 EDB exploit
9.8
CVSSv3
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus prior to 11306, ServiceDesk Plus MSP prior to 10530, and SupportCenter Plus prior to 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
Zohocorp Manageengine Servicedesk Plus 11.2
Zohocorp Manageengine Servicedesk Plus Msp 10.5
Zohocorp Manageengine Servicedesk Plus 11.3
Zohocorp Manageengine Servicedesk Plus 11.1
Zohocorp Manageengine Supportcenter Plus
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Supportcenter Plus 11.0
2 Github repositories
1 Article
9.1
CVSSv3
CVE-2021-21809
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
Moodle Moodle 3.10.0
1 Github repository
NA
CVE-2010-3275
libdirectx_plugin.dll in VideoLAN VLC Media Player prior to 1.1.8 allows remote malicious users to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
Videolan Vlc Media Player 0.4.1
Videolan Vlc Media Player 0.2.83
Videolan Vlc Media Player 0.2.82
Videolan Vlc Media Player 0.2.63
Videolan Vlc Media Player 0.2.70
Videolan Vlc Media Player 0.4.3
Videolan Vlc Media Player 0.4.2
Videolan Vlc Media Player 0.2.62
Videolan Vlc Media Player 0.2.61
Videolan Vlc Media Player 0.5.3
Videolan Vlc Media Player 0.7.0
Videolan Vlc Media Player 0.6.2
Videolan Vlc Media Player 0.8.6
Videolan Vlc Media Player 0.9.10
Videolan Vlc Media Player 0.9.9
Videolan Vlc Media Player 1.0.0
Videolan Vlc Media Player 1.1.3
Videolan Vlc Media Player 1.0.5
Videolan Vlc Media Player 0.3.0
Videolan Vlc Media Player 0.2.92
Videolan Vlc Media Player 0.2.73
Videolan Vlc Media Player 0.5.1
1 EDB exploit
NA
CVE-2014-8636
The XrayWrapper implementation in Mozilla Firefox prior to 35.0 and SeaMonkey prior to 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote malicious users to execute arbitrary JavaScript code with chrome privileges via unspecified v...
Mozilla Firefox
Mozilla Seamonkey
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »