Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
management server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-36002
A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions prior to 7.14.3 are affected.
Proofpoint Insider Threat Management Server
NA
CVE-2023-45581
An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 up to and including 7.2.2 and prior to 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted H...
Fortinet Forticlient Enterprise Management Server
NA
CVE-2023-48788
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 up to and including 7.2.2, FortiClientEMS 7.0.1 up to and including 7.0.10 allows malicious user to execute unauthorized code or commands via ...
Fortinet Forticlient Enterprise Management Server
6 Github repositories
4 Articles
NA
CVE-2022-38129
A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote malicious user to upload arbitrary files to the SMS host.
Keysight Sensor Management Server 2.4.0
NA
CVE-2022-38130
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database ...
Keysight Sensor Management Server 2.4.0
NA
CVE-2024-23616
A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.
Broadcom Symantec Server Management Suite
3.5
CVSSv2
CVE-2020-15940
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated malicious user to inject malicious script/tags via the name parameter of various sections of the server.
Fortinet Forticlient Enterprise Management Server
5.5
CVSSv2
CVE-2020-15941
A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated malicious user to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.
Fortinet Forticlient Endpoint Management Server
6.8
CVSSv2
CVE-2003-0002
Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote malicious users to execute arbitrary script via the REASONTXT parameter.
Microsoft Content Management Server 2001
1 EDB exploit
7.5
CVSSv2
CVE-2021-24019
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an malicious user to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via o...
Fortinet Forticlient Endpoint Management Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »