Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ui unifi vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2019-15595
A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands.
Ui Unifi Video Controller
4.3
CVSSv2
CVE-2019-5456
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.
Ui Unifi Controller
4.3
CVSSv2
CVE-2018-5264
Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote malicious users to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with t...
Ui Unifi Firmware -
6.8
CVSSv2
CVE-2019-5430
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the malicious user to lure an authenticated user to access on attacker controlled page.
Ui Unifi Video
7.2
CVSSv2
CVE-2016-6914
Ubiquiti UniFi Video prior to 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.
Ui Unifi Video
1 EDB exploit
2.6
CVSSv2
CVE-2014-2226
Ubiquiti UniFi Controller prior to 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle malicious users to obtain sensitive information via unspecified vectors.
Ui Unifi Controller
6
CVSSv2
CVE-2014-2227
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) prior to 3.0.1 does not restrict access to the application, which allows remote malicious users to bypass the Same Origin Policy via a crafted SW...
Ui Unifi Video
1 EDB exploit
4.3
CVSSv2
CVE-2013-3572
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a crafted client hostname.
Ui Unifi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4