Vulmon
st vulnerabilities and exploits
NA
CVE-2023-3942
An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows a malicious user to, in some cases, impersonate another user or perform unauthorized actions. In oth...
NA
CVE-2007-6281
Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St. Bernard Open File Manager 9.5 allows remote malicious users to execute arbitrary code via a long request.
Stbernard Open File Manager 9.5
NA
CVE-2008-2458
Cross-site scripting (XSS) vulnerability in index.php in Starsgames Control Panel 4.6.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the st parameter.
4shared Starsgames Control Panel
1 EDB exploit
NA
CVE-2006-1076
SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote malicious users to execute arbitrary SQL commands via the st parameter.
Invision Power Services Invision Power Board 2.1.5
1 EDB exploit
7.5
CVSSv3
CVE-2014-3744
Directory traversal vulnerability in the st module prior to 0.2.5 for Node.js allows remote malicious users to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
Nodejs Node.js
4.7
CVSSv3
CVE-2023-1990
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow a malicious user to crash the system due to a race problem.
Linux Linux Kernel
Linux Linux Kernel 6.3
7.5
CVSSv3
CVE-2020-19323
An issue exists in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote malicious users to restart the router via the M-search request ST parameter. No authentication required.
Dlink Dir-619l Firmware 2.06
5.3
CVSSv3
CVE-2017-16250
A vulnerability in Mitel ST 14.2, release GA28 and previous versions, could allow a malicious user to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names.
Mitel St14.2
6.5
CVSSv3
CVE-2019-0293
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, prior to 2008_1_700, 2008_1_710, and 740).
Sap Sap Solution Manager System 2008 1 710
Sap Sap Solution Manager System 2008 1 740
Sap Sap Solution Manager System 2008 1 700
NA
CVE-2009-1423
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and previous versions allows remote malicious users to cause a denial of service via unknown vectors, aka PR_39898, a different vulnerability than CVE-2009-1424 and CVE-2009-1425.
Hp Procurve Threat Management Services Zl Module