Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
accounts vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6553
microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote malicious users to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a dele...
Impliedbydesign Micro-cms
1 EDB exploit
8.8
CVSSv3
CVE-2022-23771
This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to ...
Iptime Nas1dual Firmware
Iptime Nas2dual Firmware
Iptime Nas4dual Firmware
NA
CVE-2007-6260
The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote malicious users to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), mo...
Oracle Database Server
NA
CVE-2011-1946
gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes ...
Hongli Lai Libgnomesu 1.0.0
5.5
CVSSv3
CVE-2023-28087
An HPE OneView appliance dump may expose OneView user accounts
Hp Oneview
9.8
CVSSv3
CVE-2020-36713
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated malicious user...
Inspireui Mstore Api
NA
CVE-2024-29033
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. `GoogleOAuthenticator.hosted_domain` is used to restrict what Google accounts can be authorized access to a...
6.5
CVSSv3
CVE-2020-14064
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
Icewarp Mail Server 12.3.0.1
3 Github repositories
NA
CVE-1999-0310
SSH 1.2.25 on HP-UX allows access to new user accounts.
Ssh Ssh 1.2.25
9.8
CVSSv3
CVE-2022-30270
The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that are part of engineering software functionality. Access to this interface is co...
Motorola Ace1000 Firmware -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »