Vulmon
slidingwindow vulnerabilities and exploits
6.5
CVSSv3
CVE-2017-6338
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify r...
Trendmicro Interscan Web Security Virtual Appliance
1 EDB exploit
5.4
CVSSv3
CVE-2017-6340
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements i...
Trendmicro Interscan Web Security Virtual Appliance
1 EDB exploit
8.1
CVSSv3
CVE-2017-6412
In Sophos Web Appliance (SWA) prior to 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
Sophos Web Appliance
1 EDB exploit
9.8
CVSSv3
CVE-2018-1217
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated malicious user to read ...
Dell Emc Avamar 7.5.0
Dell Emc Integrated Data Protection Appliance 2.0
Dell Emc Integrated Data Protection Appliance 2.1
Dell Emc Avamar 7.3.1
Dell Emc Avamar 7.4.1
1 EDB exploit
6.5
CVSSv3
CVE-2017-6339
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to cli...
Trendmicro Interscan Web Security Virtual Appliance
1 EDB exploit
6.5
CVSSv3
CVE-2018-5404
The Quest Kace K1000 Appliance, versions before 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or ...
Quest Kace Systems Management Appliance Firmware
1 EDB exploit
5.4
CVSSv3
CVE-2018-5405
The Quest Kace K1000 Appliance, versions before 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to ste...
Quest Kace Systems Management Appliance Firmware
1 EDB exploit
8.8
CVSSv3
CVE-2018-5406
The Quest Kace K1000 Appliance, versions before 9.0.270, allows a remote malicious user to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a ...
Quest Kace Systems Management Appliance Firmware
1 EDB exploit
8.8
CVSSv3
CVE-2017-7851
D-Link DCS-936L devices with firmware prior to 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
D-link Dcs-936l
1 EDB exploit
8.8
CVSSv3
CVE-2017-7852
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting ...
Dlink Dcs-2230l Firmware
Dlink Dcs-2310l Firmware
Dlink Dcs-2332l Firmware
Dlink Dcs-6010l Firmware
Dlink Dcs-7010l Firmware
Dlink Dcs-2530l Firmware
Dlink Dcs-930l Firmware
Dlink Dcs-932l Firmware
Dlink Dcs-934l Firmware
Dlink Dcs-942l Firmware
Dlink Dcs-931l Firmware
Dlink Dcs-933l Firmware
Dlink Dcs-5009l Firmware
Dlink Dcs-5010l Firmware
Dlink Dcs-5020l Firmware
Dlink Dcs-5000l Firmware
Dlink Dcs-5025l Firmware
Dlink Dcs-5030l Firmware
Dlink Dcs-2210l Firmware
Dlink Dcs-2136l Firmware
Dlink Dcs-2132l Firmware
Dlink Dcs-7000l Firmware
1 EDB exploit