Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
portcullis vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-2383
dompdf.php in dompdf prior to 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent malicious users to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base6...
Dompdf Dompdf
1 EDB exploit
2 Github repositories
NA
CVE-2014-2044
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud prior to 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) synt...
Owncloud Owncloud 4.5.7
Owncloud Owncloud 4.5.6
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.5.10
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.5.4
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.0.9
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.16
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.5.2
Owncloud Owncloud
Owncloud Owncloud 4.0.8
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.15
1 EDB exploit
NA
CVE-2015-4425
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
Pimcore Pimcore -
1 EDB exploit
9.8
CVSSv3
CVE-2014-3445
backup.php in HandsomeWeb SOS Webpages prior to 1.1.12 does not require knowledge of the cleartext password, which allows remote malicious users to bypass authentication by leveraging knowledge of the administrator password hash.
Handsomeweb Sos Webpages
NA
CVE-2014-2046
cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote malicious users to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) m...
Broadcom Pipa C211 Web Interface 1.1
Broadcom Pipa C211 -
1 EDB exploit
NA
CVE-2014-1222
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM prior to 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KC...
Vtiger Vtiger Crm
3 EDB exploits
NA
CVE-2014-6032
Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 up to and including 11.6.0 and 10.0.0 up to and including 10.2.4, AAM 11.4.0 up to and including 11.6.0, ARM 11.3.0 up to and including 11.6.0, Ana...
F5 Big-ip Protocol Security Module 10.2.3
F5 Big-ip Protocol Security Module 11.0.0
F5 Big-ip Protocol Security Module 10.2.0
F5 Big-ip Protocol Security Module 10.2.1
F5 Big-ip Protocol Security Module 11.2.1
F5 Big-ip Protocol Security Module 11.3.0
F5 Big-ip Protocol Security Module 11.4.0
F5 Big-ip Protocol Security Module 10.0.0
F5 Big-ip Protocol Security Module 10.1.0
F5 Big-ip Protocol Security Module 11.1.0
F5 Big-ip Protocol Security Module 11.2.0
F5 Big-ip Protocol Security Module 10.2.2
F5 Big-ip Protocol Security Module 10.2.4
F5 Big-ip Protocol Security Module 11.4.1
F5 Big-ip Global Traffic Manager 10.0.0
F5 Big-ip Global Traffic Manager 10.1.0
F5 Big-ip Global Traffic Manager 11.1.0
F5 Big-ip Global Traffic Manager 11.2.0
F5 Big-ip Global Traffic Manager 11.6.0
F5 Big-ip Global Traffic Manager 10.2.2
F5 Big-ip Global Traffic Manager 10.2.3
F5 Big-ip Global Traffic Manager 11.4.1
NA
CVE-2014-6033
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed...
NA
CVE-2014-7137
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM prior to 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet...
Dolibarr Dolibarr
NA
CVE-2014-0371
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote authenticated users to affect integrity via unknown vectors related to DM Others.
Oracle Supply Chain Products Suite Sql-server 7.3.1
Oracle Supply Chain Products Suite Sql-server 12.2.0
Oracle Supply Chain Products Suite 7.2.0.3
Oracle Supply Chain Products Suite Sql-server 7.3.0
Oracle Supply Chain Products Suite Sql-server 12.2.1
Oracle Supply Chain Products Suite Sql-server 12.2.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »