Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
adm vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-18674
GNUBOARD5 5.3.1.9 has XSS that allows remote malicious users to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter.
Gnuboard Gnuboard5 5.3.1.9
356
VMScore
CVE-2018-11344
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows malicious users to arbitrarily specify a file on the system to download via the file1 parameter.
Asustor As6202t Firmware
383
VMScore
CVE-2018-18671
GNUBOARD5 5.3.1.9 has XSS that allows remote malicious users to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter.
Gnuboard Gnuboard5 5.3.1.9
383
VMScore
CVE-2018-18675
GNUBOARD5 5.3.1.9 has XSS that allows remote malicious users to inject arbitrary web script or HTML via the "mobile board title contents" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter.
Gnuboard Gnuboard5 5.3.1.9
383
VMScore
CVE-2018-18676
GNUBOARD5 5.3.1.9 has XSS that allows remote malicious users to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter.
Gnuboard Gnuboard5 5.3.1.9
755
VMScore
CVE-2007-4341
PHP remote file inclusion vulnerability in adm/my_statistics.php in Omnistar Lib2 PHP 0.2 allows remote malicious users to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
Omnistar Lib2 Php Library 0.2
1 EDB exploit
445
VMScore
CVE-2018-12306
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows malicious users to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.
Asustor Data Master 3.1.1
107
VMScore
CVE-1999-1486
sadc in IBM AIX 4.1 up to and including 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.
Ibm Aix 4.1.4
Ibm Aix 4.1.5
Ibm Aix 4.1.1
Ibm Aix 4.1.2
Ibm Aix 4.1.3
Ibm Aix 4.2
Ibm Aix 4.2.1
Ibm Aix 4.1
Ibm Aix 4.3
755
VMScore
CVE-2009-4223
PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
Gianni Tommasi Kr-php Web Content Server
Gianni Tommasi Kr-php Web Content Server 1.1
1 EDB exploit
801
VMScore
CVE-2019-14920
Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated malicious user to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature.
Billion Sg600 R2 Firmware 3.02
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »