Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metasploit vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-7309
The theme editor in Bolt prior to 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
Boltcms Bolt
1 EDB exploit
NA
CVE-2010-3747
An ActiveX control in RealNetworks RealPlayer 11.0 up to and including 11.1, RealPlayer SP 1.0 up to and including 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote malicious users...
Realnetworks Realplayer 11.1
Realnetworks Realplayer 11.0.4
Realnetworks Realplayer 11.0.5
Realnetworks Realplayer 11.0.2
Realnetworks Realplayer 11.0.3
Realnetworks Realplayer 11.0
Realnetworks Realplayer 11.0.1
Realnetworks Realplayer Sp 1.0.0
Realnetworks Realplayer Sp 1.1.3
Realnetworks Realplayer Sp 1.1.4
Realnetworks Realplayer Sp 1.1.1
Realnetworks Realplayer Sp 1.1.2
Realnetworks Realplayer Sp 1.0.5
Realnetworks Realplayer Sp 1.1
Realnetworks Realplayer Sp 1.0.1
Realnetworks Realplayer Sp 1.0.2
Realnetworks Realplayer 2.1.2
1 EDB exploit
NA
CVE-2005-0684
Multiple buffer overflows in the web tool for MySQL MaxDB prior to 7.5.00.26 allows remote malicious users to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functiona...
Mysql Maxdb 7.5.00.08
Mysql Maxdb 7.5.00.19
Mysql Maxdb 7.5.00.12
Mysql Maxdb 7.5.00.14
Mysql Maxdb 7.5.00.15
Mysql Maxdb 7.5.00.16
Mysql Maxdb 7.5.00
Mysql Maxdb 7.5.00.11
Mysql Maxdb 7.5.00.18
Mysql Maxdb 7.5.00.23
1 EDB exploit
5.3
CVSSv3
CVE-2017-6020
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.
Lcds Laquis Scada
1 EDB exploit
9.8
CVSSv3
CVE-2020-8657
An issue exists in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an malicious user to calculate/guess the admin access token.
Eyesofnetwork Eyesofnetwork 5.3-0
1 EDB exploit
NA
CVE-2008-3979
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not ...
Oracle Database 10g 10.2.0.2
Oracle Database 10g 10.1.0.5
1 EDB exploit
NA
CVE-2008-2286
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x prior to 6.9.176 allows remote malicious users to execute arbitrary SQL commands via unspecified string fields in a notification packet.
Symantec Altiris Deployment Solution 6.9
Symantec Altiris Deployment Solution 6.8
1 EDB exploit
9.8
CVSSv3
CVE-2013-0803
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.
Polarbear Cms Project Polarbear Cms 2.5
1 EDB exploit
7.5
CVSSv3
CVE-2017-17692
Samsung Internet Browser 5.4.02.3 allows remote malicious users to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property.
Samsung Internet Browser 5.4.02.3
1 EDB exploit
7.2
CVSSv3
CVE-2017-16709
Crestron Airmedia AM-100 devices with firmware prior to 1.6.0 and AM-101 devices with firmware prior to 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
Crestron Airmedia Am-100 Firmware
Crestron Airmedia Am-101 Firmware
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »