Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
administrator vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-9065
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA ins...
Lenovo Xclarity Administrator
8.8
CVSSv3
CVE-2018-9066
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.
Lenovo Xclarity Administrator
9.8
CVSSv3
CVE-2021-21513
Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to g...
Dell Openmanage Server Administrator
4.9
CVSSv3
CVE-2021-21514
Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.
Dell Openmanage Server Administrator
1 Github repository
7.4
CVSSv3
CVE-2017-12410
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and previous versions tries to execute its binaries from working and/or temporary folders. Successful exploitatio...
Kaseya Virtual System Administrator
9.8
CVSSv3
CVE-2023-3211
The WordPress Database Administrator WordPress plugin up to and including 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Dmparekh Wordpress Database Administrator
9.8
CVSSv3
CVE-2018-20753
Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 prior to 9.4.0.36, and R9.5 prior to 9.5.0.5 allows unprivileged remote malicious users to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.
Kaseya Virtual System Administrator
1 Article
8.8
CVSSv3
CVE-2016-8523
A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.
Hp Smart Storage Administrator
1 EDB exploit
NA
CVE-2015-2862
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x prior to 7.0.0.29, 8.x prior to 8.0.0.18, 9.0 prior to 9.0.0.14, and 9.1 prior to 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.
Kaseya Virtual System Administrator
1 EDB exploit
NA
CVE-2008-1403
Stack-based buffer overflow in the TFTP server in BootManage TFTPD 1.99 and previous versions in BootManage Administrator 7.1 and previous versions allows remote malicious users to execute arbitrary code via a request with a long filename.
Bootmanage Tftpd
Bootmanage Administrator
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »