Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
onur onur vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-6725
The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin.
Zyxel P-660hn-t1 Firmware 2.00\\(aakk.3\\)
NA
CVE-2015-7348
Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and possibly earlier allows remote malicious users to inject arbitrary web script or HTML via the id parameter to demo/en/asyncData/getNodesForBigData.php.
Ztree Project Ztree
NA
CVE-2014-7183
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
Litecart Litecart
6.1
CVSSv3
CVE-2019-12167
httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.
Emerson Liebert Challenger Firmware 5.1e0.5
NA
CVE-2015-6584
Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and previous versions for jQuery allows remote malicious users to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.
Sprymedia Datatables
NA
CVE-2014-9367
Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote malicious users to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch.
Twiki Twiki 6.0.0
Twiki Twiki 6.0.1
NA
CVE-2014-9325
Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to...
Twiki Twiki 6.0.1
NA
CVE-2013-0230
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote malicious users to execute arbitrary code via a long quoted method.
Miniupnp Project Miniupnpd 1.0
3 EDB exploits
1 Github repository
NA
CVE-2015-2250
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 prior to 5.7.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index....
Concrete5 Concrete5
NA
CVE-2015-1385
Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin prior to 6.0.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeed...
Blubrry Powerpress
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »