Vulmon
weak vulnerabilities and exploits
NA
CVE-2002-0863
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote malicious user to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption i...
Microsoft .net Windows Server Beta3
Microsoft Windows 2000 Terminal Services
Microsoft Windows Xp
Microsoft Windows 2000
Microsoft Windows Nt 4.0
NA
CVE-2015-6348
The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.
Cisco Secure Access Control Server 5.7.0.15
NA
CVE-1999-1085
SSH 1.2.25, 1.2.23, and other versions, when used in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote malicious users to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and comput...
Ssh Secure Shell 1.2.25
Ssh Secure Shell 1.2.23
NA
CVE-2020-28418
A weak ACL may potentially allow an unauthorized person to load arbitrary code.
NA
CVE-2010-2967
The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks prior to 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote malicious users to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.
Windriver Vxworks 6
Windriver Vxworks 5
Windriver Vxworks 6.4
Windriver Vxworks
Windriver Vxworks 5.5
NA
CVE-2002-1809
The default configuration of the Windows binary release of MySQL 3.23.2 up to and including 3.23.52 has a NULL root password, which could allow remote malicious users to gain unauthorized root access to the MySQL database.
Oracle Mysql 3.23.2
Oracle Mysql 3.23.3
Oracle Mysql 3.23.4
Oracle Mysql 3.23.5
Oracle Mysql 3.23.8
Oracle Mysql 3.23.9
Oracle Mysql 3.23.10
Oracle Mysql 3.23.23
Oracle Mysql 3.23.24
Oracle Mysql 3.23.25
Oracle Mysql 3.23.26
Oracle Mysql 3.23.27
Oracle Mysql 3.23.28
Oracle Mysql 3.23.29
Oracle Mysql 3.23.30
Oracle Mysql 3.23.31
Oracle Mysql 3.23.34
Oracle Mysql 3.23.36
Oracle Mysql 3.23.37
Oracle Mysql 3.23.38
Oracle Mysql 3.23.39
Oracle Mysql 3.23.40
1 EDB exploit
NA
CVE-2001-0741
Cisco Hot Standby Routing Protocol (HSRP) allows local malicious users to cause a denial of service by spoofing HSRP packets.
Cisco Hsrp
1 EDB exploit
NA
CVE-2014-2227
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) prior to 3.0.1 does not restrict access to the application, which allows remote malicious users to bypass the Same Origin Policy via a crafted SW...
Ui Unifi Video
1 EDB exploit
NA
CVE-2008-4102
Joomla! 1.5 prior to 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for malicious users to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008...
Joomla Joomla 1.5.5
Joomla Joomla 1.5
Joomla Joomla 1.5.3
Joomla Joomla 1.5.2
Joomla Joomla 1.5.1
Joomla Joomla 1.5.4
Joomla Joomla 1.5.6
7.8
CVSSv3
CVE-2018-7581
\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin.
Weblogexpert Weblog Expert 9.4
1 EDB exploit