Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
adm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-4223
PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
Gianni Tommasi Kr-php Web Content Server
Gianni Tommasi Kr-php Web Content Server 1.1
1 EDB exploit
6.1
CVSSv3
CVE-2018-18678
GNUBOARD5 prior to 5.3.2.0 has XSS that allows remote malicious users to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter.
Gnuboard Gnuboard5
9.8
CVSSv3
CVE-2023-24796
Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote malicious user to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints.
Vinga Wr-ac1200 Firmware
8.8
CVSSv3
CVE-2020-10583
The /admin/admapi.php script of Invigo Automatic Device Management (ADM) up to and including 5.0 allows remote authenticated malicious users to execute arbitrary OS commands on the server as the user running the application.
Invigo Automatic Device Management
8.8
CVSSv3
CVE-2017-5259
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
Cambiumnetworks Cnpilot R190v Firmware
Cambiumnetworks Cnpilot E410 Firmware
Cambiumnetworks Cnpilot R190n Firmware
Cambiumnetworks Cnpilot E400 Firmware
Cambiumnetworks Cnpilot E600 Firmware
7.5
CVSSv3
CVE-2020-10584
A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) up to and including 5.0 allows remote malicious users to read arbitrary server files accessible to the user running the application.
Invigo Automatic Device Management
NA
CVE-2024-30950
A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php.
4.3
CVSSv3
CVE-2018-11342
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows malicious users to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.
Asustor As6202t Firmware
5.5
CVSSv3
CVE-2023-5182
Sensitive data could be exposed in logs of subiquity version 23.09.1 and previous versions. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
Canonical Subiquity
9.8
CVSSv3
CVE-2020-10582
A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) up to and including 5.0 allows remote malicious users to execute arbitrary SQL requests (including data reading and modification) on the database.
Invigo Automatic Device Management
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »