Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web management portal vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-17411
This vulnerability allows remote malicious users to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper v...
Linksys Wvbr0 Firmware
2 EDB exploits
5.4
CVSSv3
CVE-2022-30611
IBM Spectrum Copy Data Management 2.2.0.0 up to and including 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject maliciou...
Ibm Spectrum Copy Data Management
7.5
CVSSv3
CVE-2018-1000133
Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in A standard unprivileged user could gain system administrator permissions within the web portal.. This attack appear to be exploitable via The use...
Secluded Trident 1.4.6
5.4
CVSSv3
CVE-2019-1719
A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient ...
Cisco Identity Services Engine 2.1\\(0.474\\)
8.8
CVSSv3
CVE-2022-24780
Combodo iTop is a web based IT Service Management tool. In versions before 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is f...
Combodo Itop 3.0.0
Combodo Itop
1 Github repository
7.5
CVSSv3
CVE-2019-10711
Incorrect access control in the RTSP stream and web portal on all IP cameras based on Hisilicon Hi3510 firmware (until Webware version V1.0.1) allows malicious users to view an RTSP stream by connecting to the stream with hidden credentials (guest or user) that are neither displa...
Hisilicon Hi3510 Firmware
6.1
CVSSv3
CVE-2019-12695
A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the web-ba...
Cisco Adaptive Security Appliance
Cisco Adaptive Security Appliance Software
Cisco Firepower Threat Defense
6.1
CVSSv3
CVE-2019-12631
A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficien...
Cisco Identity Services Engine 2.6
Cisco Identity Services Engine 2.4
Cisco Identity Services Engine
5.7
CVSSv3
CVE-2023-20116
A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote malicious user to cause a denial of servi...
Cisco Unified Communications Manager 11.5\\(1.10000.6\\)
Cisco Unified Communications Manager 12.0\\(1.10000.10\\)
Cisco Unified Communications Manager 12.5\\(1.10000.22\\)
Cisco Unified Communications Manager 14.0\\(1.10000.20\\)
6.8
CVSSv3
CVE-2022-43619
This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific f...
Dlink Dir-1935 Firmware
Dlink Dir-1935 Firmware 1.03
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »