Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unauthorized vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2015-0768
The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login sess...
Cisco Prime Network Control System 2.1\\(0.0.85\\)
Cisco Prime Network Control System 2.2\\(0.0.58\\)
Cisco Prime Network Control System 2.2\\(0.0.69\\)
7.2
CVSSv2
CVE-2019-1601
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local malicious user to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted d...
Cisco Nx-os
7.5
CVSSv2
CVE-2005-0316
WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote malicious users to bypass intended access restrictions.
Webwasher Webwasher Classic 2.2.1
Webwasher Webwasher Classic 3.3
1 EDB exploit
2.1
CVSSv2
CVE-2021-34771
A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local malicious user to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker ...
Cisco Ios Xr
7.5
CVSSv2
CVE-2005-2729
The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote malicious users to bypass firewall rules and connect to local services.
Astaro Security Linux 6.001
1 EDB exploit
6.8
CVSSv2
CVE-2016-6377
Media Origination System Suite Software 2.6 and previous versions in Cisco Virtual Media Packager (VMP) allows remote malicious users to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110.
Cisco Media Origination System Suite 2.3 Base
Cisco Media Origination System Suite 2.3\\(7\\)
Cisco Media Origination System Suite 2.3\\(8\\)
Cisco Media Origination System Suite 2.4\\(1\\)
Cisco Media Origination System Suite 2.3\\(2\\)
Cisco Media Origination System Suite 2.3\\(6\\)
Cisco Media Origination System Suite 2.6 Base
Cisco Media Origination System Suite 2.3\\(1\\)
Cisco Media Origination System Suite 2.4 Base
Cisco Media Origination System Suite 2.5 Base
Cisco Media Origination System Suite 2.5\\(0\\)
Cisco Media Origination System Suite 2.5\\(1\\)
10
CVSSv2
CVE-2017-12337
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote malicious user to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a ...
Cisco Prime License Manager -
Cisco Unity Connection -
Cisco Emergency Responder -
Cisco Unified Communications Manager Im And Presence Service -
Cisco Unified Communications Manager -
Cisco Finesse -
Cisco Mediasense -
Cisco Socialminer -
Cisco Unified Intelligence Center -
Cisco Hosted Collaboration Solution -
Cisco Unified Contact Center Express -
6.4
CVSSv2
CVE-2003-1521
Sun Java Plug-In 1.4 up to and including 1.4.2_02 allows remote malicious users to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
Sun Java Plug-in 1.4
Sun Java Plug-in 1.4.2
Sun Java Plug-in 1.4.2 01
Sun Java Plug-in 1.4.2 02
1 EDB exploit
5
CVSSv2
CVE-2017-12363
A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote malicious user to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerabili...
Cisco Webex Meetings Server 2.6.0.8
Cisco Webex Meetings Server 2.7
5
CVSSv2
CVE-2002-0922
CGIScript.net csNews.cgi allows remote malicious users to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb.
Cgiscript.net Csnews 1.0
Cgiscript.net Csnews 1.0 Professional
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »