Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
adm vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2020-6287
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the...
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
1 Metasploit module
9 Github repositories
2 Articles
1000
VMScore
CVE-2007-0882
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote malicious users to log into cert...
Oracle Solaris 11
Sun Sunos 5.11
Sun Sunos 5.10
Oracle Solaris 10
3 EDB exploits
1 Article
945
VMScore
CVE-2007-3191
Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote malicious users to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.
Jffnms Just For Fun Network Management System 0.8.3
1 EDB exploit
940
VMScore
CVE-2017-5259
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
Cambiumnetworks Cnpilot R190v Firmware
Cambiumnetworks Cnpilot E410 Firmware
Cambiumnetworks Cnpilot R190n Firmware
Cambiumnetworks Cnpilot E400 Firmware
Cambiumnetworks Cnpilot E600 Firmware
890
VMScore
CVE-2021-34111
Thecus 4800Eco exists to contain a command injection vulnerability via the username parameter in /adm/setmain.php.
Thecus N4800eco Firmware -
890
VMScore
CVE-2018-12313
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands without authentication via the "rocommunity" URL parameter.
Asustor Data Master 3.1.1
890
VMScore
CVE-2004-0450
Format string vulnerability in the printlog function in log2mail prior to 0.2.5.2 allows local users or remote malicious users to execute arbitrary code via format string specifiers in a logfile monitored by log2mail.
Log2mail Log2mail 0.2.5.0
Log2mail Log2mail 0.2.5.1
Log2mail Log2mail 0.2.2.2
Log2mail Log2mail 0.2.5.2
855
VMScore
CVE-2013-3365
TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp usern...
Trendnet Tew-812dru -
1 EDB exploit
802
VMScore
CVE-2018-16752
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
Linknet-usa Lw-n605r Firmware 12.20.2.1486
801
VMScore
CVE-2020-10583
The /admin/admapi.php script of Invigo Automatic Device Management (ADM) up to and including 5.0 allows remote authenticated malicious users to execute arbitrary OS commands on the server as the user running the application.
Invigo Automatic Device Management
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »