Vulmon
web applications vulnerabilities and exploits
NA
CVE-2003-0632
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 up to and including 11.5.8 may allow remote malicious users to execute arbitrary code via a long URL.
Oracle Applications 11.0
Oracle E-business Suite 11.1
Oracle E-business Suite 11.8
Oracle Applications 10.7
Oracle E-business Suite 11.6
Oracle E-business Suite 11.7
Oracle E-business Suite 11.2
Oracle E-business Suite 11.3
Oracle E-business Suite 11.4
Oracle E-business Suite 11.5
NA
CVE-2014-0050
MultipartStream.java in Apache Commons FileUpload prior to 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote malicious users to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's ...
Oracle Retail Applications 12.0in
Oracle Retail Applications 13.0
Oracle Retail Applications 13.3
Oracle Retail Applications 13.2
Oracle Retail Applications 12.0
Oracle Retail Applications 14.0
Oracle Retail Applications 13.1
Oracle Retail Applications 13.4
Apache Tomcat 7.0.2
Apache Tomcat 7.0.49
Apache Tomcat 7.0.12
Apache Tomcat 7.0.20
Apache Tomcat 7.0.34
Apache Tomcat 7.0.8
Apache Tomcat 7.0.1
Apache Tomcat 7.0.5
Apache Commons Fileupload 1.2.2
Apache Tomcat 7.0.4
Apache Tomcat 7.0.22
Apache Tomcat 7.0.39
Apache Tomcat 7.0.26
Apache Tomcat 7.0.46
1 EDB exploit
3 Github repositories
5.3
CVSSv3
CVE-2023-24815
Vert.x-Web is a set of building blocks for building web applications in the Java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an ...
Eclipse Vert.x-web
8.8
CVSSv3
CVE-2018-1252
RSA Web Threat Detection versions before 6.4 contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database...
Rsa Web Threat Detection
NA
CVE-2002-0560
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote malicious users to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
Oracle Application Server Web Cache 2.0.0.0
Oracle Application Server Web Cache 2.0.0.1
Oracle Application Server Web Cache 2.0.0.2
Oracle Application Server Web Cache 2.0.0.3
Oracle Oracle8i 8.1.7
Oracle Application Server 1.0.2
Oracle Oracle9i 9.0.1
Oracle Oracle8i 8.1.7.1
Oracle Oracle9i 9.0
5.3
CVSSv3
CVE-2023-29108
The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable due to erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.
Sap Abap Platform Kernel 7.85
Sap Web Dispatcher 7.85
Sap Web Dispatcher 7.89
Sap Abap Platform Kernel 7.89
Sap Abap Platform Kernel 7.91
6.1
CVSSv3
CVE-2020-27193
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote malicious users to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of the editor inputs.
Ckeditor Ckeditor 4.15.0
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Application Express
Oracle Banking Party Management 2.7.0
Oracle Banking Platform 2.4.0
Oracle Banking Platform 2.7.0
Oracle Banking Platform 2.7.1
Oracle Banking Platform 2.8.0
Oracle Banking Platform 2.9.0
Oracle Commerce Merchandising 11.0.0
Oracle Commerce Merchandising 11.1.0
Oracle Commerce Merchandising 11.2.0
Oracle Commerce Merchandising 11.3.0
Oracle Commerce Merchandising 11.3.1
Oracle Commerce Merchandising 11.3.2
Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Analytical Applications Infrastructure 8.1.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1
Oracle Jd Edwards Enterpriseone Tools
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Peoplesoft Enterprise Peopletools 8.57
NA
CVE-2002-0270
Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote malicious users to execute arbitrary script in documents that the user does ...
Opera Software Opera Web Browser 9.10
NA
CVE-2007-2881
Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server prior to 4.0.5 allow remote malicious users to execute arbitrary code via crafted packets during protocol negotiation.
Sun Java System Web Proxy Server
5.3
CVSSv3
CVE-2023-20232
A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote malicious user to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP re...
Cisco Unified Contact Center Express