Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pedro ribeiro vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-3000
SysAid Help Desk prior to 15.2 allows remote malicious users to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expan...
Sysaid Sysaid
1 EDB exploit
NA
CVE-2014-3996
SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition prior to 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition pri...
Manageengine It360
Manageengine Password Manager Pro
Manageengine Desktop Central
1 EDB exploit
NA
CVE-2014-4872
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote malicious users to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or ...
Bmc Track-it\\! 11.3.0.355
2 EDB exploits
1 Github repository
NA
CVE-2014-5006
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) prior to 9 build 90055 allows remote malicious users to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
Zohocorp Manageengine Desktop Central
2 EDB exploits
7.2
CVSSv3
CVE-2016-1593
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk prior to 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveT...
Novell Service Desk
2 EDB exploits
NA
CVE-2014-5005
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) prior to 9 build 90055 allows remote malicious users to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
Zohocorp Manageengine Desktop Central
2 EDB exploits
9.8
CVSSv3
CVE-2018-6000
An issue exists in AsusWRT prior to 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows malicious users to set the admin password and launch an SSH daemon (or enable i...
Asus Asuswrt
2 EDB exploits
NA
CVE-2015-0779
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 prior to 11.3.2 allows remote malicious users to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the file...
Novell Zenworks Configuration Management 11.2.2
Novell Zenworks Configuration Management 11
Novell Zenworks Configuration Management 11.2.3
Novell Zenworks Configuration Management 11.2
Novell Zenworks Configuration Management 11.2.1
2 EDB exploits
NA
CVE-2015-2995
The RdsLogsEntry servlet in SysAid Help Desk prior to 15.2 does not properly check file extensions, which allows remote malicious users to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.
Sysaid Sysaid
2 EDB exploits
9.8
CVSSv3
CVE-2015-6922
Kaseya Virtual System Administrator (VSA) 7.x prior to 7.0.0.33, 8.x prior to 8.0.0.23, 9.0 prior to 9.0.0.19, and 9.1 prior to 9.1.0.9 does not properly require authentication, which allows remote malicious users to bypass authentication and (1) add an administrative account via...
Kaseya Virtual System Administrator
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »