Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eric flokstra vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-2531
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) prior to 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , ...
Interworx Web Control Panel
1 EDB exploit
NA
CVE-2015-2084
Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin prior to 1.2.3 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in a...
Cybernetikz Easy Social Icons
1 EDB exploit
9.8
CVSSv3
CVE-2022-24627
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
Audiocodes Device Manager Express
9.8
CVSSv3
CVE-2022-24629
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/A...
Audiocodes Device Manager Express
7.2
CVSSv3
CVE-2022-24630
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed.
Audiocodes Device Manager Express
5.3
CVSSv3
CVE-2022-24632
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.
Audiocodes Device Manager Express
7.2
CVSSv3
CVE-2022-24628
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.
Audiocodes Device Manager Express
5.4
CVSSv3
CVE-2022-24631
An issue exists in AudioCodes Device Manager Express up to and including 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter.
Audiocodes Device Manager Express
NA
CVE-2014-2035
Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) prior to 5.0.13 build 574 allows remote malicious users to inject arbitrary web script or HTML via the i parameter.
Interworx Web Control Panel 5.0.12
Interworx Web Control Panel 5.0.11
Interworx Web Control Panel 5.0.10
Interworx Web Control Panel 5.0
Interworx Web Control Panel
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started