www server vulnerabilities and exploits
NA
CVE-2023-30258
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote malicious users to run arbitrary commands via unauthenticated HTTP request.
Magnussolution Magnusbilling
2 Github repositories
4
CVSSv2
CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.
Awstats Awstats 6.5 1
Awstats Awstats 6.4 1
Awstats Awstats 6.5
7.5
CVSSv2
CVE-2005-3120
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and previous versions allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
Invisible-island Lynx
Debian Debian Linux 3.1
Debian Debian Linux 3.0
1 EDB exploit
9
CVSSv2
CVE-2016-6433
The Threat Management Console in Cisco Firepower Management Center 5.2.0 up to and including 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.
Cisco Firepower Management Center 5.2.0
Cisco Firepower Management Center 5.3.0
Cisco Firepower Management Center 5.3.0.2
Cisco Firepower Management Center 5.3.0.3
Cisco Firepower Management Center 5.3.0.4
Cisco Firepower Management Center 5.3.1
Cisco Firepower Management Center 5.3.1.3
Cisco Firepower Management Center 5.3.1.4
Cisco Firepower Management Center 5.3.1.5
Cisco Firepower Management Center 5.3.1.6
Cisco Firepower Management Center 5.4.0
Cisco Firepower Management Center 5.4.0.2
Cisco Firepower Management Center 5.4.1
Cisco Firepower Management Center 5.4.1.1
Cisco Firepower Management Center 5.4.1.2
Cisco Firepower Management Center 5.4.1.3
Cisco Firepower Management Center 5.4.1.4
Cisco Firepower Management Center 5.4.1.5
Cisco Firepower Management Center 5.4.1.6
Cisco Firepower Management Center 6.0.1
2 EDB exploits
4
CVSSv2
CVE-2016-6435
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.
Cisco Firepower Management Center 6.0.1
1 EDB exploit
3.6
CVSSv2
CVE-2003-0536
Directory traversal vulnerability in phpSysInfo 2.1 and previous versions allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.
Phpsysinfo Phpsysinfo 2.0
Phpsysinfo Phpsysinfo 2.1
1 EDB exploit
10
CVSSv2
CVE-2016-2362
Fonality (previously trixbox Pro) 12.6 up to and including 14.1i prior to 2016-06-01 has a hardcoded password for the FTP account, which allows remote malicious users to obtain access via a (1) FTP or (2) SSH connection.
Fonality Fonality 12.6
Fonality Fonality 12.8
Fonality Fonality 14.1i
5
CVSSv2
CVE-2004-1617
Lynx, lynx-ssl, and lynx-cur prior to 2.8.6dev.8 allow remote malicious users to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is n...
University Of Kansas Lynx 2.8.3 Dev22
University Of Kansas Lynx 2.8.3 Pre5
University Of Kansas Lynx 2.8.5 Dev4
University Of Kansas Lynx 2.8.5 Dev5
University Of Kansas Lynx 2.7
University Of Kansas Lynx 2.8
University Of Kansas Lynx 2.8.4 Rel1
University Of Kansas Lynx 2.8.5
University Of Kansas Lynx 2.8.1
University Of Kansas Lynx 2.8.2 Rel1
University Of Kansas Lynx 2.8.3
University Of Kansas Lynx 2.8.5 Dev2
University Of Kansas Lynx 2.8.5 Dev3
University Of Kansas Lynx 2.8.3 Rel1
University Of Kansas Lynx 2.8.4
University Of Kansas Lynx 2.8.5 Dev8
6.4
CVSSv2
CVE-2005-1519
Squid 2.5 STABLE9 and previous versions, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote malicious users to spoof DNS lookups.
Squid Squid
5
CVSSv2
CVE-2016-2364
The Chrome HUDweb plugin prior to 2016-05-05 for Fonality (previously trixbox Pro) 12.6 up to and including 14.1i uses the same hardcoded private key across different customers' installations, which allows remote malicious users to defeat cryptographic protection mechanisms ...
Fonality Hud Web
Fonality Fonality 12.8
Fonality Fonality 12.6
Fonality Fonality 14.1i