Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
694
VMScore
CVE-2018-15483
An issue exists on KONE Group Controller (KGC) devices prior to 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04.
Kone Group Controller Firmware
890
VMScore
CVE-2018-15484
An issue exists on KONE Group Controller (KGC) devices prior to 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01.
Kone Group Controller Firmware
570
VMScore
CVE-2018-15485
An issue exists on KONE Group Controller (KGC) devices prior to 4.6.5. FTP does not require authentication or authorization, aka KONE-03.
Kone Group Controller Firmware
655
VMScore
CVE-2013-3240
Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x prior to 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.
Phpmyadmin Phpmyadmin 4.0.0
1 EDB exploit
755
VMScore
CVE-2013-3294
Multiple SQL injection vulnerabilities in Exponent CMS prior to 2.2.0 release candidate 1 allow remote malicious users to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
Exponentcms Exponent Cms 2.1.0
Exponentcms Exponent Cms 2.1.1
Exponentcms Exponent Cms 2.0.0
Exponentcms Exponent Cms 0.99.0
Exponentcms Exponent Cms 2.0.6
Exponentcms Exponent Cms 2.0.7
Exponentcms Exponent Cms 2.1.4
Exponentcms Exponent Cms
Exponentcms Exponent Cms 2.0.3
Exponentcms Exponent Cms 2.0.8
Exponentcms Exponent Cms 2.0.9
Exponentcms Exponent Cms 2.0.2
Exponentcms Exponent Cms 2.0.1
Exponentcms Exponent Cms 2.0.4
Exponentcms Exponent Cms 2.0.5
Exponentcms Exponent Cms 2.1.2
Exponentcms Exponent Cms 2.1.3
Exponentcms Exponent Cms 0.98.0
Exponentcms Exponent Cms 0.97.0
1 EDB exploit
1000
VMScore
CVE-2020-16152
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine up to and including 10.0r8a allows malicious users to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to ...
Extremenetworks Aerohive Netconfig
Extremenetworks Aerohive Netconfig 10.0r8a
1 Metasploit module
2 Github repositories
610
VMScore
CVE-2013-3238
phpMyAdmin 3.5.x prior to 3.5.8 and 4.x prior to 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
Phpmyadmin Phpmyadmin 3.5.5
Phpmyadmin Phpmyadmin 3.5.3.0
Phpmyadmin Phpmyadmin 3.5.7
Phpmyadmin Phpmyadmin 3.5.4
Phpmyadmin Phpmyadmin 3.5.8
Phpmyadmin Phpmyadmin 3.5.2.2
Phpmyadmin Phpmyadmin 3.5.1.0
Phpmyadmin Phpmyadmin 3.5.2.1
Phpmyadmin Phpmyadmin 3.5.6
Phpmyadmin Phpmyadmin 3.5.0.0
Phpmyadmin Phpmyadmin 3.5.2.0
Phpmyadmin Phpmyadmin 4.0.0
2 EDB exploits
605
VMScore
CVE-2009-3580
Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote malicious users to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action.
Sql-ledger Sql-ledger 2.8.24
312
VMScore
CVE-2009-3581
Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts ...
Sql-ledger Sql-ledger 2.8.24
445
VMScore
CVE-2009-3584
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Sql-ledger Sql-ledger 2.8.24
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »