Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
w. cashdollar vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2016-1000121
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
Huge-it Slider 1.0.9
7.8
CVSSv3
CVE-2015-7556
DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.
Delegate Delegate 9.9.13
1 EDB exploit
NA
CVE-2003-0265
Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local malicious users to gain root privileges by modifying the files before the permissions are changed.
Sap Sap Db 7.4.3.7 Beta
Sap Sap Db 7.3.29
1 EDB exploit
NA
CVE-2013-1948
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent malicious users to execute arbitrary commands via shell metacharacters in a filename.
Rob Westgeest Md2pdf 0.0.1
7.8
CVSSv3
CVE-2016-7488
Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root.
Teradata Virtual Machine 15.10
7.8
CVSSv3
CVE-2016-7490
The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges.
Teradata Studio Express 15.12.00.00
NA
CVE-2002-0296
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.
Tarantella Tarantella Enterprise 3.10
Tarantella Tarantella Enterprise 3.11
Tarantella Tarantella Enterprise 3.0
Tarantella Tarantella Enterprise 3.01
Tarantella Tarantella Enterprise 3.20
1 EDB exploit
7.5
CVSSv3
CVE-2015-5468
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin prior to 2.6 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.
Wpshopstyling Wp E-commerce Shop Styling
1 EDB exploit
5.3
CVSSv3
CVE-2015-5471
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote malicious users to read arbitrary files via a full pathname in the file parameter.
Swim Team Project Swim Team 1.44.10777
1 EDB exploit
NA
CVE-2012-6348
Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite prior to 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink...
Centrify Centrify Deployment Manager 2.1.0.283
Centrify Centrify Suite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »