Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
on-premise vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2022-1362
The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server.
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
7.5
CVSSv2
CVE-2022-1357
The affected On-Premise cnMaestro allows an unauthenticated malicious user to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an malicious user to append arbitrary data to the logger command.
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
5
CVSSv2
CVE-2022-1359
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where...
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
5
CVSSv2
CVE-2022-1361
The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an malicious user to exfiltrate data about other user’s accounts and devices.
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
10
CVSSv2
CVE-2022-23166
Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : [here is the L...
Sysaid Sysaid
5
CVSSv2
CVE-2022-22783
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.
Zoom Zoom On-premise Meeting Connector Controller 4.8.102.20220310
Zoom Zoom On-premise Meeting Connector Mmr 4.8.102.20220310
4.3
CVSSv2
CVE-2022-24799
wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receive...
Wire Wire-webapp 2019-02-11
Wire Wire-webapp 2019-02-13
Wire Wire-webapp 2019-02-18
Wire Wire-webapp 2019-02-27
Wire Wire-webapp 2019-02-28
Wire Wire-webapp 2019-03-05
Wire Wire-webapp 2019-03-07
Wire Wire-webapp 2019-03-11
Wire Wire-webapp 2019-03-13
Wire Wire-webapp 2019-03-20
Wire Wire-webapp 2019-03-25
Wire Wire-webapp 2019-03-28
Wire Wire-webapp 2019-04-08
Wire Wire-webapp 2019-04-11
Wire Wire-webapp 2019-04-18
Wire Wire-webapp 2019-04-23
Wire Wire-webapp 2019-04-25
Wire Wire-webapp 2019-04-29
Wire Wire-webapp 2019-05-14
Wire Wire-webapp 2019-05-15
Wire Wire-webapp 2019-05-31
Wire Wire-webapp 2019-06-04
5
CVSSv2
CVE-2021-41119
Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a...
Wire Wire-server
4
CVSSv2
CVE-2022-25266
Passwork On-Premise Edition prior to 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).
Passwork Passwork
6.5
CVSSv2
CVE-2022-25267
Passwork On-Premise Edition prior to 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files).
Passwork Passwork
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »