Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
on-premise vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2020-29299
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 ...
Zyxel Vpn Orchestrator
Zyxel Zld
Zyxel Nsg Firmware
Zyxel Nsg Firmware 1.33
Zyxel Usg Flex Firmware -
5.3
CVSSv3
CVE-2020-28861
OpenAsset Digital Asset Management (DAM) 12.0.19 and previous versions failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated malicious users to gain access to potentially sensitive project information stored by the application.
Openasset Digital Asset Management
6.1
CVSSv3
CVE-2020-28857
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks.
Openasset Digital Asset Management
6.1
CVSSv3
CVE-2020-28859
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.
Openasset Digital Asset Management
7.5
CVSSv3
CVE-2020-28856
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing malicious users to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectivel...
Openasset Digital Asset Management
9.8
CVSSv3
CVE-2020-12145
Silver Peak Unity Orchestrator versions before 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances t...
Silver-peak Unity Orchestrator
5.4
CVSSv3
CVE-2020-1063
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
Microsoft Dynamics 365 8.2
Microsoft Dynamics 365 9.0
7.5
CVSSv3
CVE-2020-8982
An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or ins...
Citrix Sharefile Storagezones Controller
Citrix Sharefile Storagezones Controller 5.6.0
Citrix Sharefile Storagezones Controller 5.7.0
Citrix Sharefile Storagezones Controller 5.8.0
Citrix Sharefile Storagezones Controller 5.9.0
1 Github repository
7.5
CVSSv3
CVE-2020-8983
An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be...
Citrix Sharefile Storagezones Controller
Citrix Sharefile Storagezones Controller 5.6.0
Citrix Sharefile Storagezones Controller 5.7.0
Citrix Sharefile Storagezones Controller 5.8.0
Citrix Sharefile Storagezones Controller 5.9.0
1 Github repository
9.8
CVSSv3
CVE-2020-10569
SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may...
Sysaid On-premise 20.1.11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »