Vulmon
akkus vulnerabilities and exploits
8.8
CVSSv3
CVE-2019-11447
An issue exists in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The h...
Cutephp Cutenews 2.1.2
8 Github repositories
8.8
CVSSv3
CVE-2018-18924
The image-upload feature in ProjeQtOr 7.2.5 allows remote malicious users to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" er...
Projeqtor Projeqtor
1 EDB exploit
7.5
CVSSv3
CVE-2018-19458
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
Php-proxy Php-proxy 3.0.3
1 EDB exploit
7.8
CVSSv3
CVE-2018-19459
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.
Armcode Adult Filter 1.0
1 EDB exploit
6.1
CVSSv3
CVE-2018-20503
Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.
Alliedtelesis 8100l/8 Firmware -
1 EDB exploit
9.8
CVSSv3
CVE-2022-22831
An issue exists in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.
Servisnet Tessa 0.0.2
9.8
CVSSv3
CVE-2022-22832
An issue exists in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.
Servisnet Tessa 0.0.2
7.5
CVSSv3
CVE-2022-22833
An issue exists in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.
Servisnet Tessa 0.0.2
8.8
CVSSv3
CVE-2019-12840
In Webmin up to and including 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Webmin Webmin
12 Github repositories
8.8
CVSSv3
CVE-2020-35606
Arbitrary command execution can occur in Webmin up to and including 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-1...
Webmin Webmin
4 Github repositories