Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

osanda malith vulnerabilities and exploits

(subscribe to this query)
7.8
CVSSv3
CVE-2014-3860
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability
Xilisoft Video Converter 7.8.1
NA
CVE-2014-0619
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.
Hamstersoft Hamster Free Zip Archiver 2.0.1.7
NA
CVE-2014-1680
Untrusted search path vulnerability in Bandisoft Bandizip prior to 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.
Bandisoft Bandizip 3.06Bandisoft Bandizip 3.05Bandisoft BandizipBandisoft Bandizip 3.02Bandisoft Bandizip 3.01Bandisoft Bandizip 3.00Bandisoft Bandizip 3.04Bandisoft Bandizip 3.03Bandisoft Bandizip 3.08Bandisoft Bandizip 3.07
NA
CVE-2014-8494
ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file.
Estsoft Alupdate 8.5.1.0.0
NA
CVE-2015-2667
Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory.
Gns3 Gns3 1.2.3
NA
CVE-2014-4018
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote malicious users to obtain access via unspecified vectors.
Zte Zxv10 W300 Firmware 1.0.0a Zrd LkZte Zxv10 W300 -
7.5
CVSSv3
CVE-2014-4019
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote malicious users to read backup files via a direct request for rom-0.
Zte Zxv10 W300 Firmware W300v1.0.0a Zrd Lk
NA
CVE-2014-4154
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
Zte Zxv10 W300 Firmware 1.0.0a Zrd LkZte Zxv10 W300 -
NA
CVE-2014-4155
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote malicious users to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
Zte Zxv10 W300 Firmware 1.0.0a Zrd LkZte Zxv10 W300 -
7.2
CVSSv3
CVE-2017-8912
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not ...
Cmsmadesimple Cms Made Simple 2.1.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook