Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hex vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-6405
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and previous versions on Windows allows remote malicious users to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) he...
Shttpd Shttpd 1.34
Shttpd Shttpd 1.35
Shttpd Shttpd 1.38
1 EDB exploit
NA
CVE-2002-1599
DansGuardian prior to 2.4.5-1 allows remote malicious users to bypass content filtering rules via hex-encoded URLs.
Daniel Barron Dansguardian 2.2.2.7.1
Daniel Barron Dansguardian 2.2.2.9.1
Daniel Barron Dansguardian 2 2.2.9
Daniel Barron Dansguardian 2 2.2.5
Daniel Barron Dansguardian 2 2.2.6
Daniel Barron Dansguardian 2 2.2.7
Daniel Barron Dansguardian 2 2.2.8
Daniel Barron Dansguardian 2 2.2.10
Daniel Barron Dansguardian 2 2.2.4
7.5
CVSSv3
CVE-2016-5056
OSRAM SYLVANIA Osram Lightify Pro prior to 2016-07-26 uses only 8 hex digits for a PSK.
Osram Lightify Pro
5.3
CVSSv3
CVE-2022-32265
qDecoder prior to 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding.
Qdecoder Project Qdecoder
NA
CVE-2005-0831
PHP-Post allows remote malicious users to spoof the names of other users by registering with a username containing hex-encoded characters.
Php-post Php-post Web Forum 0.1
Php-post Php-post Web Forum 0.2
Php-post Php-post Web Forum 0.21
Php-post Php-post Web Forum 0.22
Php-post Php-post Web Forum 0.3
Php-post Php-post Web Forum 0.32
9.8
CVSSv3
CVE-2021-24115
In Botan prior to 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).
Botan Project Botan
6.1
CVSSv3
CVE-2014-9772
The validator package prior to 2.0.0 for Node.js allows remote malicious users to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
Nodejs Node.js
NA
CVE-2004-2065
DansGuardian 2.8 and previous versions allows remote malicious users to bypass the extension filtering rule via a hex encoded extension or . in the filename.
Daniel Barron Dansguardian 2.2.6
Daniel Barron Dansguardian 2.2.7
Daniel Barron Dansguardian 2.8
Daniel Barron Dansguardian 2.2.7.1
Daniel Barron Dansguardian 2.2.8
Daniel Barron Dansguardian 2.2.9
Daniel Barron Dansguardian 2.2.4
Daniel Barron Dansguardian 2.2.5
Daniel Barron Dansguardian 2.6.1.5
Daniel Barron Dansguardian 2.7.3.1
Daniel Barron Dansguardian 2.2.10
Daniel Barron Dansguardian 2.2.9.1
Daniel Barron Dansguardian 2.4.5.1
6.5
CVSSv3
CVE-2023-20891
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can acce...
Vmware Isolation Segment
Vmware Tanzu Application Service For Virtual Machines
NA
CVE-2005-1994
Finjan SurfinGate 7.0SP2 and SP3 allows remote malicious users to download blocked files via hex-encoded characters in a filename, as demonstrated using "%2e".
Finjan Software Surfingate 7.0 Sp2
Finjan Software Surfingate 7.0 Sp3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »