Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
h00die vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-12478
It exists that the api/storage web interface in Unitrends Backup (UB) prior to 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the targ...
Kaseya Unitrends Backup
3 EDB exploits
9.8
CVSSv3
CVE-2023-30013
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an malicious user to execute arbitrary commands through the "command" parameter.
Totolink X5000r Firmware 9.1.0u.6118 B20201102
Totolink X5000r Firmware 9.1.0u.6369 B20230113
1 Metasploit module
9.8
CVSSv3
CVE-2024-23759
Deserialization of Untrusted Data in Gambio up to and including 4.9.2.0 allows malicious users to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
Gambio Gambio 4.9.2.0
1 Metasploit module
8.8
CVSSv3
CVE-2022-33891
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can...
Apache Spark
1 Metasploit module
18 Github repositories
9.8
CVSSv3
CVE-2023-20887
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
Vmware Vrealize Network Insight
1 Metasploit module
4 Github repositories
1 Article
9.8
CVSSv3
CVE-2021-44529
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Ivanti Endpoint Manager Cloud Services Appliance
Ivanti Endpoint Manager Cloud Services Appliance 4.6
1 Metasploit module
2 Github repositories
9.8
CVSSv3
CVE-2023-41892
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations prior to 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Craftcms Craft Cms
1 Metasploit module
5 Github repositories
9.8
CVSSv3
CVE-2020-28871
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
Monitorr Monitorr 1.7.6m
1 Metasploit module
2 Github repositories
9.8
CVSSv3
CVE-2022-24989
TerraMaster NAS up to and including 4.2.30 allows remote WAN malicious users to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because pop...
Terra-master Terramaster Operating System
1 Metasploit module
7.5
CVSSv3
CVE-2022-24990
TerraMaster NAS 4.2.29 and previous versions allows remote malicious users to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
Terra-master Terramaster Operating System
1 Metasploit module
5 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »