alibaba vulnerabilities and exploits
NA
CVE-2014-5976
The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Alibaba Alibaba 4.1.0.0
5.4
CVSSv3
CVE-2018-6867
Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter.
Alibaba Clone Script Project Alibaba Clone Script 1.0.2
8.8
CVSSv3
CVE-2021-43116
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.
Alibaba Nacos
6.1
CVSSv3
CVE-2021-44667
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.
Alibaba Nacos 2.0.3
7.5
CVSSv3
CVE-2021-33800
In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal.
Alibaba Druid 1.2.3
7.5
CVSSv3
CVE-2020-21699
The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.
Alibaba Tengine 2.2.2
5.3
CVSSv3
CVE-2020-19676
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:htt...
Alibaba Nacos 1.1.4
NA
CVE-2010-1725
SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinum allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Alibabaclone Alibaba Clone Platinum
1 EDB exploit
NA
CVE-2009-3504
SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Alibabaclone Alibaba Clone 3.0
1 EDB exploit
NA
CVE-2007-0827
The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote malicious users to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call.
Alibaba Alipay Activex Control
1 EDB exploit