Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
revolution vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2017-7322
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and previous versions do not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and trigger the execution of arbitrary code via a crafted cert...
Modx Modx Revolution
8.1
CVSSv3
CVE-2017-7323
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and previous versions use http://rest.modx.com by default, which allows man-in-the-middle malicious users to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HT...
Modx Modx Revolution
6.1
CVSSv3
CVE-2017-7320
setup/controllers/language.php in MODX Revolution 2.5.4-pl and previous versions does not properly constrain the language parameter, which allows remote malicious users to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Resp...
Modx Modx Revolution
9.8
CVSSv3
CVE-2017-7324
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and previous versions allows remote malicious users to execute arbitrary PHP code via the core_path parameter.
Modx Modx Revolution
7.3
CVSSv3
CVE-2016-10037
Directory traversal in /connectors/index.php in MODX Revolution prior to 2.5.2-pl allows remote malicious users to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.
Modx Modx Revolution
7.3
CVSSv3
CVE-2016-10038
Directory traversal in /connectors/index.php in MODX Revolution prior to 2.5.2-pl allows remote malicious users to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.
Modx Modx Revolution
7.3
CVSSv3
CVE-2016-10039
Directory traversal in /connectors/index.php in MODX Revolution prior to 2.5.2-pl allows remote malicious users to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles.
Modx Modx Revolution
NA
CVE-2010-5310
The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires...
Gehealthcare Revolution Xq\\/i
NA
CVE-2015-5151
Cross-site scripting (XSS) vulnerability in the Slider Revolution (revslider) plugin 4.2.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the client_action parameter in a revslider_ajax_action action to wp-admin/admin-ajax.php.
Themepunch Slider Revolution 4.2.2
NA
CVE-2014-9734
Directory traversal vulnerability in the Slider Revolution (revslider) plugin prior to 4.2 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.
Themepunch Slider Revolution
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »