Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web panel vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2019-15571
The WEB control panel prior to 2019-04-30 for ClonOS allows SQL injection in clonos.php.
Clonos Project Clonos
668
VMScore
CVE-2019-9950
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware prior to 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file che...
Westerndigital My Cloud Firmware
Westerndigital My Cloud Mirror Gen2 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Ex2100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
1 Github repository
668
VMScore
CVE-2016-9483
The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclu...
Jqueryform Php Formmail Generator -
668
VMScore
CVE-2016-9482
Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel
Jqueryform Php Formmail Generator -
668
VMScore
CVE-2016-9492
The code generated by PHP FormMail Generator before 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all v...
Jqueryform Php Formmail Generator
668
VMScore
CVE-2017-15304
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware prior to 3.0 allows an malicious user to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password chan...
Airtame Hdmi Dongle Firmware
668
VMScore
CVE-2017-12424
In shadow prior to 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege bound...
Shadow Project Shadow
Debian Debian Linux 9.0
668
VMScore
CVE-2011-0434
Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) prior to 0.32.9 allow remote malicious users to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.
Gplhost Domain Technologie Control
Gplhost Domain Technologie Control 0.29.8
Gplhost Domain Technologie Control 0.28.9
Gplhost Domain Technologie Control 0.32.1
Gplhost Domain Technologie Control 0.25.3
Gplhost Domain Technologie Control 0.30.6
Gplhost Domain Technologie Control 0.26.9
Gplhost Domain Technologie Control 0.29.1
Gplhost Domain Technologie Control 0.27.3
Gplhost Domain Technologie Control 0.28.4
Gplhost Domain Technologie Control 0.32.3
Gplhost Domain Technologie Control 0.28.10
Gplhost Domain Technologie Control 0.25.1
Gplhost Domain Technologie Control 0.30.18
Gplhost Domain Technologie Control 0.26.8
Gplhost Domain Technologie Control 0.28.6
Gplhost Domain Technologie Control 0.28.2
Gplhost Domain Technologie Control 0.32.2
Gplhost Domain Technologie Control 0.29.14
Gplhost Domain Technologie Control 0.29.17
Gplhost Domain Technologie Control 0.26.7
Gplhost Domain Technologie Control 0.29.16
668
VMScore
CVE-2006-3805
The Javascript engine in Mozilla Firefox prior to 1.5.0.5, Thunderbird prior to 1.5.0.5, and SeaMonkey prior to 1.0.3 might allow remote malicious users to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still bei...
Mozilla Firefox 1.5
Mozilla Seamonkey 1.0.2
Mozilla Seamonkey 1.0
Mozilla Seamonkey 1.0.1
Mozilla Firefox 1.5.0.3
Mozilla Firefox 1.5.0.4
Mozilla Thunderbird 1.5.0.4
Mozilla Firefox 1.5.0.1
Mozilla Firefox 1.5.0.2
Mozilla Thunderbird 1.5
Mozilla Thunderbird 1.5.0.2
668
VMScore
CVE-2006-3808
Mozilla Firefox prior to 1.5.0.5 and SeaMonkey prior to 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.
Mozilla Seamonkey 1.0.1
Mozilla Seamonkey 1.0.2
Mozilla Firefox 1.5.0.4
Mozilla Seamonkey 1.0
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.3
Mozilla Firefox 1.5
Mozilla Firefox 1.5.0.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »