Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wolfgang hotwagner vulnerabilities and exploits
(subscribe to this query)
8.4
CVSSv3
CVE-2017-3316
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox before 5.0.32 and before 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
Oracle Vm Virtualbox 5.0.30
Oracle Vm Virtualbox 5.1.12
1 EDB exploit
8.1
CVSSv3
CVE-2017-6445
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely.
Openelec Openelec 6.0.3
Openelec Openelec 7.0.1
9.8
CVSSv3
CVE-2019-15741
An issue exists in GitLab Omnibus 7.4 up to and including 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
Gitlab Omnibus
5.3
CVSSv3
CVE-2020-9364
An issue exists in helpers/mailer.php in the Creative Contact Form extension 4.6.2 prior to 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit t...
Creative-solutions Creative Contact Form 4.6.2
9.8
CVSSv3
CVE-2019-16885
In OkayCMS up to and including 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Compariso...
Okay-cms Okaycms
7
CVSSv3
CVE-2019-10143
It exists freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory norm...
Freeradius Freeradius
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Redhat Enterprise Linux 8.0
9.8
CVSSv3
CVE-2020-24913
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated malicious user to access the database by injecting SQL code via a crafted POST request.
Qcubed Qcubed
6.1
CVSSv3
CVE-2020-24912
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated malicious users to steal sessions of authenticated users.
Qcubed Qcubed
9.8
CVSSv3
CVE-2020-24914
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated malicious user to execute code via a crafted POST request.
Qcubed Qcubed
8.8
CVSSv3
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
Fork-cms Fork Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started