Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
osanda malith jayathissa vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2017-8912
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not ...
Cmsmadesimple Cms Made Simple 2.1.6
1 EDB exploit
NA
CVE-2014-4154
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
Zte Zxv10 W300 Firmware 1.0.0a Zrd Lk
Zte Zxv10 W300 -
1 EDB exploit
NA
CVE-2014-4155
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote malicious users to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
Zte Zxv10 W300 Firmware 1.0.0a Zrd Lk
Zte Zxv10 W300 -
1 EDB exploit
NA
CVE-2014-4018
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote malicious users to obtain access via unspecified vectors.
Zte Zxv10 W300 Firmware 1.0.0a Zrd Lk
Zte Zxv10 W300 -
1 EDB exploit
7.5
CVSSv3
CVE-2014-4019
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote malicious users to read backup files via a direct request for rom-0.
Zte Zxv10 W300 Firmware W300v1.0.0a Zrd Lk
1 EDB exploit
7.8
CVSSv3
CVE-2018-14327
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" direc...
Ee Ee40vb Firmware
1 EDB exploit
NA
CVE-2014-3544
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID...
Moodle Moodle 2.4.4
Moodle Moodle 2.4.5
Moodle Moodle 2.4.6
Moodle Moodle 2.4.7
Moodle Moodle 2.4.10
Moodle Moodle 2.4.1
Moodle Moodle 2.4.3
Moodle Moodle 2.4.8
Moodle Moodle 2.4.0
Moodle Moodle 2.4.2
Moodle Moodle 2.4.9
Moodle Moodle 2.3.1
Moodle Moodle 2.3.10
Moodle Moodle
Moodle Moodle 2.3.2
Moodle Moodle 2.3.7
Moodle Moodle 2.3.8
Moodle Moodle 2.3.9
Moodle Moodle 2.3.4
Moodle Moodle 2.3.6
Moodle Moodle 2.3.0
Moodle Moodle 2.3.3
1 EDB exploit
1 Github repository
NA
CVE-2015-1171
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote malicious users to execute arbitrary code via a long entry in a .sms file.
Gsm Sim Card Editor 6.6
1 EDB exploit
NA
CVE-2015-1362
Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote malicious users to execute arbitrary code via a long string in the maker element in an XML file.
Two Pilots Exif Pilot 4.7.2
1 EDB exploit
NA
CVE-2014-5116
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent malicious users to cause a denial of service (NULL pointer dereference) via a large string.
Cairographics Cairo 1.10.2
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started