Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redteam-pentesting.de vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-32751
Pydio Cells up to and including 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the w...
Pydio Cells
5
CVSSv2
CVE-2014-2301
OrbiTeam BSCW prior to 5.0.8 allows remote malicious users to obtain sensitive metadata via the inf operations (op=inf) to an object in pub/bscw.cgi/.
Bscw Bscw
7.5
CVSSv2
CVE-2014-2302
The installer script in webEdition CMS prior to 6.2.7-s1 and 6.3.x prior to 6.3.8-s1 allows remote malicious users to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.
Webedition Webedition Cms 6.2.7.0
Webedition Webedition Cms
Webedition Webedition Cms 6.3.8
4.3
CVSSv2
CVE-2014-2400
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote malicious users to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2399...
Oracle Fusion Middleware 2.2.2
6.4
CVSSv2
CVE-2021-37425
Altova MobileTogether Server prior to 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.
Altova Mobiletogether Server
Altova Mobiletogether Server 7.3
3.5
CVSSv2
CVE-2019-19266
IceWarp WebMail Server 12.2.0 and 12.1.x prior to 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
Icewarp Mail Server
4.3
CVSSv2
CVE-2015-2804
The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware prior to 6.6.4.309.R01 and 6.6.5.x prior to 6.6.5.80.R02 generates weak session identifiers, which allows remote malicious users to hijack arbitrary sessions via a bru...
Alcatel-lucent Omniswitch Firmware
4.9
CVSSv2
CVE-2020-26567
An issue exists on D-Link DSR-250N prior to 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes.
Dlink Dsr-250n Firmware
NA
CVE-2023-32750
Pydio Cells up to and including 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and sa...
Pydio Cells
NA
CVE-2023-33243
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database g...
Starface Starface
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »