Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

onur onur vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3
CVE-2019-6725
The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin.
Zyxel P-660hn-t1 Firmware 2.00\\(aakk.3\\)
NA
CVE-2015-7348
Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and possibly earlier allows remote malicious users to inject arbitrary web script or HTML via the id parameter to demo/en/asyncData/getNodesForBigData.php.
Ztree Project Ztree
NA
CVE-2014-7183
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
Litecart Litecart
6.1
CVSSv3
CVE-2019-12167
httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.
Emerson Liebert Challenger Firmware 5.1e0.5
NA
CVE-2015-6584
Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and previous versions for jQuery allows remote malicious users to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.
Sprymedia Datatables
NA
CVE-2014-9367
Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote malicious users to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch.
Twiki Twiki 6.0.0Twiki Twiki 6.0.1
NA
CVE-2014-9325
Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to...
Twiki Twiki 6.0.1
NA
CVE-2013-0230
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote malicious users to execute arbitrary code via a long quoted method.
Miniupnp Project Miniupnpd 1.0
NA
CVE-2015-2250
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 prior to 5.7.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index....
Concrete5 Concrete5
NA
CVE-2015-1385
Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin prior to 6.0.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeed...
Blubrry Powerpress
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook