Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

osanda malith jayathissa vulnerabilities and exploits

(subscribe to this query)
7.2
CVSSv3
CVE-2017-8912
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not ...
Cmsmadesimple Cms Made Simple 2.1.6
NA
CVE-2014-4154
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
Zte Zxv10 W300 Firmware 1.0.0a Zrd LkZte Zxv10 W300 -
NA
CVE-2014-4155
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote malicious users to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
Zte Zxv10 W300 Firmware 1.0.0a Zrd LkZte Zxv10 W300 -
NA
CVE-2014-4018
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote malicious users to obtain access via unspecified vectors.
Zte Zxv10 W300 Firmware 1.0.0a Zrd LkZte Zxv10 W300 -
7.5
CVSSv3
CVE-2014-4019
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote malicious users to read backup files via a direct request for rom-0.
Zte Zxv10 W300 Firmware W300v1.0.0a Zrd Lk
7.8
CVSSv3
CVE-2018-14327
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" direc...
Ee Ee40vb Firmware
NA
CVE-2014-3544
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID...
Moodle Moodle 2.4.4Moodle Moodle 2.4.5Moodle Moodle 2.4.6Moodle Moodle 2.4.7Moodle Moodle 2.4.10Moodle Moodle 2.4.1Moodle Moodle 2.4.3Moodle Moodle 2.4.8Moodle Moodle 2.4.0Moodle Moodle 2.4.2Moodle Moodle 2.4.9Moodle Moodle 2.3.1Moodle Moodle 2.3.10Moodle MoodleMoodle Moodle 2.3.2Moodle Moodle 2.3.7Moodle Moodle 2.3.8Moodle Moodle 2.3.9Moodle Moodle 2.3.4Moodle Moodle 2.3.6Moodle Moodle 2.3.0Moodle Moodle 2.3.3
NA
CVE-2015-1171
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote malicious users to execute arbitrary code via a long entry in a .sms file.
Gsm Sim Card Editor 6.6
NA
CVE-2015-1362
Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote malicious users to execute arbitrary code via a long string in the maker element in an XML file.
Two Pilots Exif Pilot 4.7.2
NA
CVE-2014-5116
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent malicious users to cause a denial of service (NULL pointer dereference) via a large string.
Cairographics Cairo 1.10.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook