Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metasploit.com vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-30625
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server before 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions ...
Rudderstack Rudder-server
NA
CVE-2014-2269
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote malicious users to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.
Vtiger Vtiger Crm 6.0.0
9.8
CVSSv3
CVE-2017-6553
Buffer Overflow in Quest One Identity Privilege Manager for Unix prior to 6.0.0.061 allows remote malicious users to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon.
Quest Privilege Manager For Unix
1 EDB exploit
7.2
CVSSv3
CVE-2017-6554
pmmasterd in Quest Privilege Manager prior to 6.0.0.061, when configured as a policy server, allows remote malicious users to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.
Quest Privilege Manager 6.0.0-27
Quest Privilege Manager 6.0.0-50
1 EDB exploit
NA
CVE-2010-3585
Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle ...
Oracle Vm 2.2.1
1 EDB exploit
9.8
CVSSv3
CVE-2021-20038
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated malicious user to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210...
Sonicwall Sma 200 Firmware 10.2.0.8-37sv
Sonicwall Sma 200 Firmware 10.2.1.1-19sv
Sonicwall Sma 200 Firmware 10.2.1.2-24sv
Sonicwall Sma 210 Firmware 10.2.0.8-37sv
Sonicwall Sma 210 Firmware 10.2.1.1-19sv
Sonicwall Sma 210 Firmware 10.2.1.2-24sv
Sonicwall Sma 410 Firmware 10.2.0.8-37sv
Sonicwall Sma 410 Firmware 10.2.1.1-19sv
Sonicwall Sma 410 Firmware 10.2.1.2-24sv
Sonicwall Sma 400 Firmware 10.2.0.8-37sv
Sonicwall Sma 400 Firmware 10.2.1.1-19sv
Sonicwall Sma 400 Firmware 10.2.1.2-24sv
Sonicwall Sma 500v Firmware 10.2.0.8-37sv
Sonicwall Sma 500v Firmware 10.2.1.1-19sv
Sonicwall Sma 500v Firmware 10.2.1.2-24sv
3 Github repositories
1 Article
9.8
CVSSv3
CVE-2015-8249
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote malicious users to upload and execute arbitrary files via the ConnectionId parameter.
Manageengine Desktop Central 9.0
1 EDB exploit
3 Github repositories
5.5
CVSSv3
CVE-2022-3113
An issue exists in the Linux kernel up to and including 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.
Linux Linux Kernel 5.16.0
Linux Linux Kernel
NA
CVE-2010-3189
The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote malicious users to execute arbitrary code via an invalid address that is dereferenced as a pointer.
Trendmicro Internet Security 2010
1 EDB exploit
NA
CVE-2016-582384
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to pre...
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »