Vulmon
web server vulnerabilities and exploits
10
CVSSv2
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
Yaws Yaws
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
10
CVSSv2
CVE-2020-6932
An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow a malicious user to potentially read arbitrary files and run arbitrary executables in the context o...
Blackberry Qnx Software Development Platform
10
CVSSv2
CVE-2020-6287
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the...
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
1 Metasploit module
9 Github repositories
2 Articles
10
CVSSv2
CVE-2019-15311
An issue exists on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple com...
Linkplay Linkplay -
10
CVSSv2
CVE-2020-3161
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote malicious user to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of prop...
Cisco Ip Phone 8865 Firmware 10.3(1)es14
Cisco Ip Phone 8865 Firmware 11.0(1)
Cisco Ip Phone 8865 Firmware 11.0(5)sr1
Cisco Ip Phone 8851 Firmware 10.3(1)es14
Cisco Ip Phone 8851 Firmware 11.0(1)
Cisco Ip Phone 8851 Firmware 11.0(5)sr1
Cisco Ip Phone 7841 Firmware 11.0(1)
Cisco Ip Phone 7821 Firmware 11.0(1)
Cisco Ip Phone 8811 Firmware 10.3(1)es14
Cisco Ip Phone 8811 Firmware 11.0(1)
Cisco Ip Phone 8811 Firmware 11.0(5)sr1
Cisco Ip Phone 8861 Firmware 10.3(1)es14
Cisco Ip Phone 8861 Firmware 11.0(1)
Cisco Ip Phone 8861 Firmware 11.0(5)sr1
Cisco Ip Phone 8845 Firmware 10.3(1)es14
Cisco Ip Phone 8845 Firmware 11.0(1)
Cisco Ip Phone 8845 Firmware 11.0(5)sr1
Cisco Ip Phone 7861 Firmware 11.0(1)
Cisco Ip Phone 8841 Firmware 10.3(1)es14
Cisco Ip Phone 8841 Firmware 11.0(1)
Cisco Ip Phone 8841 Firmware 11.0(5)sr1
Cisco Ip Phone 7811 Firmware 11.0(1)
1 Github repository
10
CVSSv2
CVE-2020-10245
CODESYS V3 web server prior to 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
Codesys Control For Plcnext
Codesys Control For Beaglebone
Codesys Control For Empc-a/imx6
Codesys Control For Iot2000
Codesys Control For Linux
Codesys Control For Pfc100
Codesys Control For Pfc200
Codesys Control For Raspberry Pi
Codesys Control Rte
Codesys Control Runtime System Toolkit
Codesys Control Win
Codesys Embedded Target Visu Toolkit
Codesys Hmi
Codesys Remote Target Visu Toolkit
10
CVSSv2
CVE-2020-9054
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated malicious user to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve a...
Zyxel Nas326 Firmware
Zyxel Nas520 Firmware
Zyxel Nas540 Firmware
Zyxel Nas542 Firmware
Zyxel Atp100 Firmware
Zyxel Atp200 Firmware
Zyxel Atp500 Firmware
Zyxel Atp800 Firmware
Zyxel Usg20-vpn Firmware
Zyxel Usg20w-vpn Firmware
Zyxel Usg40 Firmware
Zyxel Usg40w Firmware
Zyxel Usg60 Firmware
Zyxel Usg60w Firmware
Zyxel Usg110 Firmware
Zyxel Usg210 Firmware
Zyxel Usg310 Firmware
Zyxel Usg1100 Firmware
Zyxel Usg1900 Firmware
Zyxel Usg2200 Firmware
Zyxel Vpn50 Firmware
Zyxel Vpn100 Firmware
1 Github repository
1 Article
10
CVSSv2
CVE-2020-6962
In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Version...
Gehealthcare Apexpro Telemetry Server Firmware
Gehealthcare Apexpro Telemetry Server Firmware 4.3
Gehealthcare Carescape B450 Monitor Firmware 2.0
Gehealthcare Carescape B650 Monitor Firmware 1.0
Gehealthcare Carescape B650 Monitor Firmware 2.0
Gehealthcare Carescape B850 Monitor Firmware 1.0
Gehealthcare Carescape B850 Monitor Firmware 2.0
Gehealthcare Carescape Central Station Mai700 Firmware 1.0
Gehealthcare Carescape Central Station Mai700 Firmware 2.0
Gehealthcare Carescape Central Station Mas700 Firmware 1.0
Gehealthcare Carescape Central Station Mas700 Firmware 2.0
Gehealthcare Clinical Information Center Mp100d Firmware 4.0
Gehealthcare Clinical Information Center Mp100d Firmware 5.0
Gehealthcare Clinical Information Center Mp100r Firmware 4.0
Gehealthcare Clinical Information Center Mp100r Firmware 5.0
Gehealthcare Carescape Telemetry Server Mp100r Firmware
Gehealthcare Carescape Telemetry Server Mp100r Firmware 4.3
10
CVSSv2
CVE-2019-19495
The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote malicious user to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's int...
Technicolor Tc7230 Steb Firmware 0.1.25
1 Github repository
10
CVSSv2
CVE-2019-16662
An issue exists in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
Rconfig Rconfig 3.9.2
2 EDB exploits
4 Github repositories