alibaba vulnerabilities and exploits
5.4
CVSSv2
CVE-2014-5976
The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Alibaba Alibaba 4.1.0.0
3.5
CVSSv2
CVE-2018-6867
Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter.
Alibaba Clone Script Project Alibaba Clone Script 1.0.2
6.5
CVSSv2
CVE-2021-43116
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user log in.
Alibaba Nacos
NA
CVE-2020-21699
The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 through 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.
Alibaba Tengine 2.2.2
5
CVSSv2
CVE-2021-33800
In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal.
Alibaba Druid 1.2.3
5
CVSSv2
CVE-2020-19676
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:htt...
Alibaba Nacos 1.1.4
4.3
CVSSv2
CVE-2021-44667
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.
Alibaba Nacos 2.0.3
6.8
CVSSv2
CVE-2007-0827
The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote malicious users to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call.
Alibaba Alipay Activex Control
1 EDB exploit
7.5
CVSSv2
CVE-2010-1725
SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinum allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Alibabaclone Alibaba Clone Platinum
1 EDB exploit
7.5
CVSSv2
CVE-2009-3504
SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Alibabaclone Alibaba Clone 3.0
1 EDB exploit