Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eldar marcussen vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-13756
Sabberworm PHP CSS Parser prior to 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
Sabberworm Php Css Parser
8
CVSSv3
CVE-2019-18909
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an malicious user to inject commands that will execute with root privileges.
Hp Thinpro 6.2
Hp Thinpro 6.2.1
Hp Thinpro 7.0
Hp Thinpro 7.1
6.8
CVSSv3
CVE-2019-18910
The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an malicious user to inject commands that will execute with local user privileges.
Hp Thinpro 6.2
Hp Thinpro 6.2.1
Hp Thinpro 7.0
Hp Thinpro 7.1
4.6
CVSSv3
CVE-2019-16285
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
Hp Thinpro Linux 6.2
Hp Thinpro Linux 6.2.1
Hp Thinpro Linux 7.0
Hp Thinpro Linux 7.1
6.8
CVSSv3
CVE-2019-16286
An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.
Hp Thinpro Linux 6.2
Hp Thinpro Linux 6.2.1
Hp Thinpro Linux 7.0
Hp Thinpro Linux 7.1
6.8
CVSSv3
CVE-2019-16287
In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the malicious u...
Hp Thinpro 6.2
Hp Thinpro 6.2.1
Hp Thinpro 7.0
Hp Thinpro 7.1
8.8
CVSSv3
CVE-2019-7226
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated malicious user to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along w...
Abb Pb610 Panel Builder 600 Firmware
7.3
CVSSv3
CVE-2019-7227
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default...
Abb Pb610 Panel Builder 600 Firmware
8.8
CVSSv3
CVE-2019-7228
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
Abb Pb610 Panel Builder 600 Firmware
5.7
CVSSv3
CVE-2019-7231
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an ...
Abb Pb610 Panel Builder 600 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »