Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
slidingwindow vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2016-9269
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and previous versions allows authenticated, remote users with least privileges to run arbitrary commands on the sy...
Trendmicro Interscan Web Security Virtual Appliance
1 EDB exploit
9.8
CVSSv3
CVE-2018-1217
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated malicious user to read ...
Dell Emc Avamar 7.5.0
Dell Emc Integrated Data Protection Appliance 2.0
Dell Emc Integrated Data Protection Appliance 2.1
Dell Emc Avamar 7.3.1
Dell Emc Avamar 7.4.1
1 EDB exploit
9.8
CVSSv3
CVE-2015-4852
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote malicious users to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core....
Oracle Virtual Desktop Infrastructure
Oracle Weblogic Server 12.2.1.0.0
Oracle Weblogic Server 12.1.3.0.0
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.1.2.0.0
Oracle Storagetek Tape Analytics Sw Tool 2.3
2 EDB exploits
12 Github repositories
8.8
CVSSv3
CVE-2018-5406
The Quest Kace K1000 Appliance, versions before 9.0.270, allows a remote malicious user to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a ...
Quest Kace Systems Management Appliance Firmware
1 EDB exploit
8.8
CVSSv3
CVE-2017-7851
D-Link DCS-936L devices with firmware prior to 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
D-link Dcs-936l
1 EDB exploit
8.8
CVSSv3
CVE-2017-7852
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting ...
Dlink Dcs-2230l Firmware
Dlink Dcs-2310l Firmware
Dlink Dcs-2332l Firmware
Dlink Dcs-6010l Firmware
Dlink Dcs-7010l Firmware
Dlink Dcs-2530l Firmware
Dlink Dcs-930l Firmware
Dlink Dcs-932l Firmware
Dlink Dcs-934l Firmware
Dlink Dcs-942l Firmware
Dlink Dcs-931l Firmware
Dlink Dcs-933l Firmware
Dlink Dcs-5009l Firmware
Dlink Dcs-5010l Firmware
Dlink Dcs-5020l Firmware
Dlink Dcs-5000l Firmware
Dlink Dcs-5025l Firmware
Dlink Dcs-5030l Firmware
Dlink Dcs-2210l Firmware
Dlink Dcs-2136l Firmware
Dlink Dcs-2132l Firmware
Dlink Dcs-7000l Firmware
1 EDB exploit
8.8
CVSSv3
CVE-2016-9315
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and previous versions allows authenticated, remote users with least privileges to change M...
Trendmicro Interscan Web Security Virtual Appliance
1 EDB exploit
8.1
CVSSv3
CVE-2017-6412
In Sophos Web Appliance (SWA) prior to 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
Sophos Web Appliance
1 EDB exploit
7.8
CVSSv3
CVE-2016-9314
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and previous versions allows authenticated, remote users with least privileges to backup the system configu...
Trendmicro Interscan Web Security Virtual Appliance
1 EDB exploit
6.5
CVSSv3
CVE-2018-5404
The Quest Kace K1000 Appliance, versions before 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or ...
Quest Kace Systems Management Appliance Firmware
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »