pedro ribeiro vulnerabilities and exploits
9.8
CVSSv3
CVE-2016-6600
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote malicious users to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.
Zohocorp Webnms Framework 5.2
1 EDB exploit
7.5
CVSSv3
CVE-2016-6601
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote malicious users to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
Zohocorp Webnms Framework 5.2
1 EDB exploit
9.8
CVSSv3
CVE-2016-6602
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent malicious users to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for...
Zohocorp Webnms Framework 5.2
1 EDB exploit
9.8
CVSSv3
CVE-2016-6603
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allow remote malicious users to bypass authentication and impersonate arbitrary users via the UserName HTTP header.
Zohocorp Webnms Framework 5.2
1 EDB exploit
NA
CVE-2014-4874
BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.
Bmc Track-it! 11.3.0.355
1 EDB exploit
NA
CVE-2014-5377
ReadUsersFromMasterServlet in ManageEngine DeviceExpert prior to 5.9 build 5981 allows remote malicious users to obtain user account credentials via a direct request.
Manageengine Device Expert
1 EDB exploit
NA
CVE-2014-5445
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 up to and including 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet o...
Zohocorp Manageengine It360 10.3.0
Zohocorp Manageengine Netflow Analyzer
1 EDB exploit
9.8
CVSSv3
CVE-2016-10174
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated malicious user to achieve remote code execution.
Netgear Wnr2000v5 Firmware
2 EDB exploits
NA
CVE-2015-2993
SysAid Help Desk prior to 15.2 does not properly restrict access to certain functionality, which allows remote malicious users to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry.
Sysaid Sysaid
1 EDB exploit
NA
CVE-2015-2998
SysAid Help Desk prior to 15.2 uses a hardcoded encryption key, which makes it easier for remote malicious users to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.
Sysaid Sysaid
1 EDB exploit