Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dawid golunski vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-10073
The from method in library/core/class.email.php in Vanilla Forums prior to 2.3.1 allows remote malicious users to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
Vanillaforums Vanilla
1 EDB exploit
1 Article
7.5
CVSSv3
CVE-2016-4793
The clientIp function in CakePHP 3.2.4 and previous versions allows remote malicious users to spoof their IP via the CLIENT-IP HTTP header.
Cakephp Cakephp
1 EDB exploit
7
CVSSv3
CVE-2016-6664
mysqld_safe in Oracle MySQL up to and including 5.5.51, 5.6.x up to and including 5.6.32, and 5.7.x up to and including 5.7.14; MariaDB; Percona Server prior to 5.5.51-38.2, 5.6.x prior to 5.6.32-78-1, and 5.7.x prior to 5.7.14-8; and Percona XtraDB Cluster prior to 5.5.41-37.0, ...
Oracle Mysql
Mariadb Mariadb
Percona Percona Server
Percona Xtradb Cluster
1 EDB exploit
1 Github repository
1 Article
7
CVSSv3
CVE-2016-1531
Exim prior to 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
Exim Exim
3 EDB exploits
6 Github repositories
5.9
CVSSv3
CVE-2017-8295
WordPress up to and including 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote malicious users to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message t...
Wordpress Wordpress
1 EDB exploit
8 Github repositories
5.5
CVSSv3
CVE-2017-8806
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package prior to 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local d...
Postgresql Postgresql -
4 Github repositories
NA
CVE-2016-5617
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6664. Reason: This candidate is a reservation duplicate of CVE-2016-6664. Notes: All CVE users should reference CVE-2016-6664 instead of this candidate. All references and descriptions in this candidate have ...
1 EDB exploit
1 Github repository
NA
CVE-2015-5161
The Zend_Xml_Security::scan in ZendXml prior to 1.0.1 and Zend Framework prior to 1.12.14, 2.x prior to 2.4.6, and 2.5.x prior to 2.5.2, when running under PHP-FPM in a threaded environment, allows remote malicious users to bypass security checks and conduct XML external entity (...
Zend Zend Framework 1.0.0
Zend Zend Framework 1.5.0
Zend Zend Framework 1.5.1
Zend Zend Framework 1.6.1
Zend Zend Framework 1.6.2
Zend Zend Framework 1.7.3
Zend Zend Framework 1.7.4
Zend Zend Framework 1.8.0
Zend Zend Framework 1.8.1
Zend Zend Framework 1.9.0
Zend Zend Framework 1.9.5
Zend Zend Framework 1.9.6
Zend Zend Framework 1.10.2
Zend Zend Framework 1.10.3
Zend Zend Framework 1.11.0
Zend Zend Framework 1.11.6
Zend Zend Framework 1.11.7
Zend Zend Framework 1.11.8
Zend Zend Framework 1.12.0
Zend Zend Framework 1.12.5
Zend Zend Framework 1.12.6
Zend Zend Framework 2.0.0
2 EDB exploits
NA
CVE-2014-4703
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.
Nagios Nagios 2.0.2
1 EDB exploit
NA
CVE-2014-2913
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and previous versions allows remote malicious users to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple par...
Opensuse Opensuse 12.3
Opensuse Opensuse 11.4
Nagios Remote Plugin Executor
Opensuse Opensuse 13.1
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »