web services vulnerabilities and exploits
7.8
CVSSv2
CVE-2021-37253
M-Files Web prior to 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual ...
M-files M-files Web
6.5
CVSSv2
CVE-2018-0394
A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote malicious user to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specif...
Cisco Cloud Services Platform 2100 2.2(4)
4.3
CVSSv2
CVE-2005-3329
Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the image parameter in a GetPic operation.
Rsa Authentication Agent For Web 5.1
Rsa Authentication Agent For Web 5.1.1
Rsa Authentication Agent For Web 5.2
Rsa Authentication Agent For Web
1 EDB exploit
10
CVSSv2
CVE-2013-2934
Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 does not properly restrict access to web services, which has unspecified impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
Citrix Cloudportal Services Manager
Citrix Cloudportal Services Manager 10.0
4.3
CVSSv2
CVE-2007-4912
Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote malicious users to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets oth...
Invision Power Services Invision Power Board 2.1.5 2006-04-25
Invision Power Services Invision Power Board 2.1.6
Invision Power Services Invision Power Board 2.2
Invision Power Services Invision Power Board 2.2.1
Invision Power Services Invision Power Board 2.1.5 2006-03-08
Invision Power Services Invision Power Board 2.2.2
4.3
CVSSv2
CVE-2005-2089
Microsoft IIS 5.0 and 6.0 allows remote malicious users to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to inco...
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 6.0
9.3
CVSSv2
CVE-2013-1315
Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote malicious users to execute arbitrary code or ca...
Microsoft Excel Viewer
Microsoft Excel 2013
Microsoft Office Compatibility Pack
Microsoft Excel 2003
Microsoft Office 2011
Microsoft Sharepoint Foundation 2010
Microsoft Excel 2010
Microsoft Excel 2007
Microsoft Sharepoint Services 3.0
Microsoft Sharepoint Server 2007
Microsoft Sharepoint Server 2010
Microsoft Sharepoint Services 2.0
Microsoft Sharepoint Portal Server 2003
Microsoft Office Web Apps 2010
4.3
CVSSv2
CVE-2015-4266
The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote malicious users to conduct clickjacking attacks and unspecified other attacks via a crafted web s...
Cisco Identity Services Engine Software 1.1(4.1)
Cisco Identity Services Engine Software 1.3(106.146)
Cisco Identity Services Engine Software 1.3(120.135)
4.3
CVSSv2
CVE-2010-0714
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 up to and including 5.1.0.5, 6.0.0.0 up to and including 6.0.0.4, 6.0.1.0 up to and including 6.0.1.7, 6.1...
Ibm Websphere Portal 6.0.0.2
Ibm Websphere Portal 5.1.0.4
Ibm Websphere Portal 6.0.1.4
Ibm Websphere Portal 6.0.1.5
Ibm Websphere Portal 6.1.5.0
Ibm Websphere Portal 5.1.0.3
Ibm Websphere Portal 5.1.0.2
Ibm Websphere Portal 5.1.0.1
Ibm Websphere Portal 6.0.0.3
Ibm Websphere Portal 6.0.1.6
Ibm Websphere Portal 6.0.1.7
Ibm Websphere Portal 5.1.0.0
Ibm Websphere Portal 5.1.0.5
Ibm Websphere Portal 6.0.0.4
Ibm Websphere Portal 6.0.1.0
Ibm Websphere Portal 6.0.1.1
Ibm Websphere Portal 6.1.0.0
Ibm Websphere Portal 6.1.0.1
Ibm Websphere Portal 6.0.0.0
Ibm Websphere Portal 6.0.0.1
Ibm Websphere Portal 6.0.1.2
Ibm Websphere Portal 6.0.1.3
1 EDB exploit
4
CVSSv2
CVE-2019-11204
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information ...
Tibco Spotfire Statistics Services
Tibco Spotfire Statistics Services 10.0.0