Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
karn ganeshen vulnerabilities and exploits
(subscribe to this query)
8
CVSSv3
CVE-2016-5789
A Cross-site Request Forgery issue exists in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
Jantek Jtc-200 Firmware
7.2
CVSSv3
CVE-2016-2278
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and previous versions and AS-P 1.7 and previous versions allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.
Schneider-electric Struxureware Building Operations Automation Server As Firmware
Schneider-electric Struxureware Building Operations Automation Server As-p Firmware 1.7
1 EDB exploit
9.9
CVSSv3
CVE-2015-7926
eWON devices with firmware prior to 10.1s0 omit RBAC for I/O server information and status requests, which allows remote malicious users to obtain sensitive information via an unspecified URL.
Ewon Ewon Firmware
6.1
CVSSv3
CVE-2015-7927
Cross-site scripting (XSS) vulnerability on eWON devices with firmware up to and including 10.1s0 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ewon Ewon Firmware
8.5
CVSSv3
CVE-2015-7928
eWON devices with firmware prior to 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Ewon Ewon Firmware
4.3
CVSSv3
CVE-2015-7929
eWON devices with firmware up to and including 10.1s0 support unspecified GET requests, which might allow remote malicious users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Ewon Ewon Firmware
NA
CVE-2010-0607
Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 in the Sterlite SAM300 AX Router allows remote malicious users to inject arbitrary web script or HTML via the Stat_Radio parameter.
Sterlitetechnologies Sam300 Ax Router
1 EDB exploit
9.8
CVSSv3
CVE-2015-6472
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.
Wago 750-849 Firmware 01.02.05
Wago 750-849 Firmware 01.01.27
Wago 750-881 Firmware 01.02.05
Wago 750-881 Firmware 01.01.27
Wago 758-870 Firmware 01.01.27
Wago 758-870 Firmware 01.02.05
NA
CVE-2015-6477
Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Nordex Nordex Control 2 Scada
7.8
CVSSv3
CVE-2017-14017
An Uncontrolled Search Path Element issue exists in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a malicious DLL fil...
Progea Movicon
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »