Vulmon
iii vulnerabilities and exploits
3.5
CVSSv2
CVE-2019-13645
Firefly III prior to 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It is asserted that an attacker must have the same access rig...
Firefly-iii Firefly Iii
3.5
CVSSv2
CVE-2019-13646
Firefly III prior to 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability
Firefly-iii Firefly Iii
3.5
CVSSv2
CVE-2019-13647
Firefly III prior to 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: It is asserted that an attacker must have the same access r...
Firefly-iii Firefly Iii
7.5
CVSSv2
CVE-2017-11721
Buffer overflow in ioquake3 prior to 2017-08-02 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.
Ioquake3 Ioquake3
3.3
CVSSv2
CVE-2016-4863
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and la...
Toshiba Flashair
9.3
CVSSv2
CVE-2017-6903
In ioquake3 prior to 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 (aka Quake 3 engine) forks. A malicious auto-downloaded file can trigger loading of crafted auto-...
Ioquake3 Ioquake3
5.4
CVSSv2
CVE-2014-7804
The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Apptreestudios Gangsta Auto Thief Iii 1.1
7.5
CVSSv2
CVE-2014-2081
Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua prior to 2013.2.4 and 2014.x prior to 2014.1.1 allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameter.
Iii Vtls-virtua 2014.1.0
Iii Vtls-virtua 2013.2.3
1 EDB exploit
4.3
CVSSv2
CVE-2014-5136
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Iii Sierra 1.2 3
5
CVSSv2
CVE-2014-5137
Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote malicious users to enumerate account names via a series of login requests, possibly related to the Webpac ...
Iii Sierra 1.2 3