Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
backdoor vulnerabilities and exploits
(subscribe to this query)
1.9
CVSSv2
CVE-2019-3422
The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can ...
Zte Mf910s Firmware -
7.5
CVSSv2
CVE-2017-12930
SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.
Tecnovision Dlx Spot Player4 -
2 EDB exploits
1 Github repository
8.5
CVSSv2
CVE-2015-7257
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "...
Zte Zxv10 W300 Firmware W300v2.1.0f Er7 Pe O57
Zte Zxv10 W300 Firmware W300v2.1.0h Er7 Pe O57
1 EDB exploit
9
CVSSv2
CVE-2015-7258
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
Zte Zxv10 W300 Firmware W300v2.1.0f Er7 Pe O57
Zte Zxv10 W300 Firmware W300v2.1.0h Er7 Pe O57
1 EDB exploit
9
CVSSv2
CVE-2015-7259
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.
Zte Zxv10 W300 Firmware W300v2.1.0f Er7 Pe O57
Zte Zxv10 W300 Firmware W300v2.1.0h Er7 Pe O57
1 EDB exploit
6.5
CVSSv2
CVE-2017-12929
Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.
Tecnovision Dlx Spot Player4 -
2 EDB exploits
1 Github repository
7.5
CVSSv2
CVE-2020-12501
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.
Pepperl-fuchs Es7510-xt Firmware
Pepperl-fuchs Es8509-xt Firmware
Pepperl-fuchs Es8510-xt Firmware
Pepperl-fuchs Es9528-xtv2 Firmware
Pepperl-fuchs Es7506 Firmware
Pepperl-fuchs Es7510 Firmware
Pepperl-fuchs Es7528 Firmware
Pepperl-fuchs Es8508 Firmware
Pepperl-fuchs Es8508f Firmware
Pepperl-fuchs Es8510 Firmware
Pepperl-fuchs Es8510-xte Firmware
Pepperl-fuchs Es9528 Firmware
Pepperl-fuchs Es9528-xt Firmware
Korenix Jetnet5428g-20sfp Firmware -
Korenix Jetnet5810g Firmware -
Korenix Jetnet4510 Firmware -
Korenix Jetnet5010 Firmware -
Korenix Jetnet5310 Firmware -
Korenix Jetnet6095 Firmware -
Korenix Jetnet4706 Firmware -
Korenix Jetwave 3220 Firmware -
Korenix Jetwave 2311 Firmware -
9.3
CVSSv2
CVE-2009-0563
Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility P...
Microsoft Open Xml File Format Converter
Microsoft Office 2008
Microsoft Office 2004
Microsoft Office Word Viewer 2003
Microsoft Office Word 2002
Microsoft Office Word Viewer
Microsoft Office Word 2007
Microsoft Office Word 2003
Microsoft Office Compatibility Pack For Word Excel Ppt 2007
Microsoft Office Word 2000
7 Articles
7.5
CVSSv2
CVE-2015-0936
Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote malicious users to obtain SSH access by leveraging knowledge of the private key.
Ceragon Fibeair Ip-10 Firmware -
1 EDB exploit
10
CVSSv2
CVE-2015-2882
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 ...
Philips In.sight B12037 -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »