Vulmon Recent Vulnerabilities Trends About Contact

Recent vulnerabilities and exploits

NA
CVE-2020-12025
Rockwell Logix Designer Studio 500 allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By persuading a victim to open a specially crafted XML file, a remote attacker could exploit this...
NA
CVE-2020-5766
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields....
NA
CVE-2020-11749
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2....
NA
CVE-2020-15689
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service....
NA
CVE-2019-20907
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation....
9.3
CVSSv2
CVE-2017-0261
Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and...
MicrosoftOffice
9.3
CVSSv2
CVE-2017-11882
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka...
MicrosoftOffice
9.3
CVSSv2
CVE-2012-0158
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and...
MicrosoftBiztalk ServerCommerce ServerOfficeOffice Web ComponentsSql ServerVisual BasicVisual Foxpro
9.3
CVSSv2
CVE-2015-2426
Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute...
MicrosoftWindows 10Windows 7Windows 8Windows 8.1Windows RtWindows Rt 8.1Windows Server 2008Windows Server 2012Windows Vista
10
CVSSv2
CVE-2013-0422
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary...
OracleJdkJre
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-15093mods-for-heskCVE-2020-15092CVE-2020-15000insecure direct object referenceencryptionCVE-2020-8193kingcomposerCVE-2020-8195mods for heskking-themeXXECVE-2020-12414