Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web studio vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-9094
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
Digitalzoomstudio Video Gallery -
1 EDB exploit
NA
CVE-2014-4578
Cross-site scripting (XSS) vulnerability in asset-studio/icons-launcher.php in the WP App Maker plugin 1.0.16.4 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the uid parameter.
Wp App Maker Project Wp App Maker
NA
CVE-2014-3923
Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote malicious users to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3) preview_allch...
Digitalzoomstudio Video Gallery -
NA
CVE-2014-0780
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote malicious users to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
Indusoft Web Studio
Indusoft Web Studio 7.1
1 EDB exploit
NA
CVE-2014-1990
Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote malicious users to hijack the authentication of administrators for requests that change passwords.
Toshibatec E-studio-282 -
Toshibatec E-studio-232 -
Toshibatec E-studio-233 -
Toshibatec E-studio-283 -
1 EDB exploit
NA
CVE-2011-4193
Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 prior to 1.2.1 and SUSE Studio Extension for System z 1.2 prior to 1.2.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted application, related to cloning.
Suse Studio Onsite 1.2
Suse Studio Extension For System Z 1.2
NA
CVE-2013-5042
Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x prior to 1.1.4 and 2.0.x prior to 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote malicious users to inject arbitrary web script or HTML via crafted Forever Frame transport protocol da...
Microsoft Asp.net Signalr 1.1.3
Microsoft Asp.net Signalr 1.1.0
Microsoft Asp.net Signalr 2.0.0
Microsoft Asp.net Signalr 1.1.2
Microsoft Asp.net Signalr 1.1.1
Microsoft Visual Studio Team Foundation Server 2013
NA
CVE-2013-4547
nginx 0.8.41 up to and including 1.4.3 and 1.5.x prior to 1.5.7 allows remote malicious users to bypass intended restrictions via an unescaped space character in a URI.
F5 Nginx
Suse Lifecycle Management Server 1.3
Suse Studio Onsite 1.3
Suse Webyast 1.3
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
1 EDB exploit
1 Github repository
NA
CVE-2013-4022
IBM Data Studio Web Console 3.x prior to 3.2, Optim Performance Manager 5.x prior to 5.2, InfoSphere Optim Configuration Manager 2.x prior to 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypa...
Ibm Db2 Recovery Expert 2.0
Ibm Infosphere Optim Configuration Manager 2.0
Ibm Optim Performance Manager 5.1.0
Ibm Infosphere Optim Configuration Manager 2.1
Ibm Data Studio Web Console 3.1.0
NA
CVE-2013-4024
IBM Data Studio Web Console 3.x prior to 3.2, Optim Performance Manager 5.x prior to 5.2, InfoSphere Optim Configuration Manager 2.x prior to 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote malicious users to read session cookies by sn...
Ibm Db2 Recovery Expert 2.0
Ibm Infosphere Optim Configuration Manager 2.0
Ibm Infosphere Optim Configuration Manager 2.1
Ibm Data Studio Web Console 3.1.0
Ibm Optim Performance Manager 5.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »