Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
management server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-24019
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an malicious user to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via o...
Fortinet Forticlient Endpoint Management Server
7.5
CVSSv2
CVE-2020-10655
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) prior to 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote malicious user to execute arbitrary code with local administ...
Proofpoint Insider Threat Management Server
7.5
CVSSv2
CVE-2020-10656
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) prior to 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. The vulnerability allows an anonymous remote malicious user to execute arbitrary code with lo...
Proofpoint Insider Threat Management Server
NA
CVE-2023-35998
A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an malicious user to first obtain a valid agent authentication toke...
Proofpoint Insider Threat Management Server
NA
CVE-2023-36002
A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions prior to 7.14.3 are affected.
Proofpoint Insider Threat Management Server
NA
CVE-2024-23616
A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.
Broadcom Symantec Server Management Suite
3.5
CVSSv2
CVE-2020-15940
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated malicious user to inject malicious script/tags via the name parameter of various sections of the server.
Fortinet Forticlient Enterprise Management Server
5.5
CVSSv2
CVE-2020-15941
A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated malicious user to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.
Fortinet Forticlient Endpoint Management Server
NA
CVE-2021-44172
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 up to and including 7.0.4, 7.0.6 up to and including 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated malicious user to gain i...
Fortinet Forticlient Endpoint Management Server
6.8
CVSSv2
CVE-2003-0002
Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote malicious users to execute arbitrary script via the REASONTXT parameter.
Microsoft Content Management Server 2001
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27842
CVE-2024-30657
CVE-2024-4534
hardcoded
SSRF
CVE-2024-21683
CVE-2024-5364
file upload
CVE-2024-5371
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »