Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
controller vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-4171
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an malicious user to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.
Ibm Cognos Controller 10.3.0
Ibm Cognos Controller 10.3.1
Ibm Cognos Controller 10.4.0
Ibm Cognos Controller 10.4.1
4
CVSSv2
CVE-2019-4411
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.
Ibm Cognos Controller 10.3.0
Ibm Cognos Controller 10.3.1
Ibm Cognos Controller 10.4.0
Ibm Cognos Controller 10.4.1
5
CVSSv2
CVE-2020-7473
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated malicious users to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exp...
Citrix Sharefile Storagezones Controller
Citrix Sharefile Storagezones Controller 5.6.0
Citrix Sharefile Storagezones Controller 5.7.0
Citrix Sharefile Storagezones Controller 5.8.0
Citrix Sharefile Storagezones Controller 5.9.0
1 Github repository
5
CVSSv2
CVE-2020-8982
An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or ins...
Citrix Sharefile Storagezones Controller
Citrix Sharefile Storagezones Controller 5.6.0
Citrix Sharefile Storagezones Controller 5.7.0
Citrix Sharefile Storagezones Controller 5.8.0
Citrix Sharefile Storagezones Controller 5.9.0
1 Github repository
5
CVSSv2
CVE-2020-8983
An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be...
Citrix Sharefile Storagezones Controller
Citrix Sharefile Storagezones Controller 5.6.0
Citrix Sharefile Storagezones Controller 5.7.0
Citrix Sharefile Storagezones Controller 5.8.0
Citrix Sharefile Storagezones Controller 5.9.0
1 Github repository
7.5
CVSSv2
CVE-2005-1784
Hosting Controller 6.1 HotFix 2.0 and previous versions allows remote malicious users to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.
Hosting Controller Hosting Controller
1 EDB exploit
5.5
CVSSv2
CVE-2007-6499
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."
Hosting Controller Hosting Controller
1 EDB exploit
5.5
CVSSv2
CVE-2007-6503
Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and previous versions allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPl...
Hosting Controller Hosting Controller
1 EDB exploit
7.5
CVSSv2
CVE-2007-6497
Hosting Controller 6.1 Hot fix 3.3 and previous versions (1) allows remote malicious users to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount ...
Hosting Controller Hosting Controller
1 EDB exploit
4.9
CVSSv2
CVE-2007-6500
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.
Hosting Controller Hosting Controller
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »