application express vulnerabilities and exploits
NA
CVE-2004-0215
Microsoft Outlook Express 5.5 and 6 allows malicious users to cause a denial of service (application crash) via a malformed e-mail header.
Microsoft Outlook Express 6.0
Avaya Definity One Media Server
Avaya Ip600 Media Servers
Avaya S8100
Avaya Modular Messaging Message Storage Server S3400
NA
CVE-2013-1168
The web server in Cisco Unified MeetingPlace Application Server 7.x prior to 7.1MR1 Patch 2, 8.0 prior to 8.0MR1 Patch 1, and 8.5 prior to 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote malicious users to hijack sessions by lev...
Cisco Unified Meetingplace 7.0.2
Cisco Unified Meetingplace 7.0
Cisco Unified Meetingplace 7.0.3
Cisco Unified Meetingplace 7.1
Cisco Unified Meetingplace 7.0.1
Cisco Unified Meetingplace 8.0
Cisco Unified Meetingplace 8.5
Cisco Unified Meetingplace 8.5.1
Cisco Unified Meetingplace 8.5.2
Cisco Unified Meetingplace 8.5.3
7.8
CVSSv3
CVE-2017-12261
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local malicious user to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the...
Cisco Identity Services Engine 1.4
Cisco Identity Services Engine 2.0
Cisco Identity Services Engine 2.0.1
Cisco Identity Services Engine 2.1.0
Cisco Identity Services Engine Express 2.0
Cisco Identity Services Engine Express 2.0.1
Cisco Identity Services Engine Express 2.1.0
Cisco Identity Services Engine Express 1.4
Cisco Identity Services Engine Virtual Appliance 2.0
Cisco Identity Services Engine Virtual Appliance 2.1.0
Cisco Identity Services Engine Virtual Appliance 1.4
Cisco Identity Services Engine Virtual Appliance 2.0.1
9.8
CVSSv3
CVE-2021-43935
The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resultin...
Baxter Welch Allyn Connex Cardio
Baxter Welch Allyn Diagnostic Cardiology Suite 2.1.0
Baxter Welch Allyn Rscribe Resting Ecg System
Baxter Welch Allyn Vision Express Holter Analysis System
Baxter Welch Allyn Hscribe Holter Analysis System Firmware
Baxter Welch Allyn Q-stress Cardiac Stress Testing System Firmware
Baxter Welch Allyn Xscribe Cardiac Stress Testing System Firmware
NA
CVE-2009-1520
Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 up to and including 5.1.8.2, 5.2.0.0 up to and including 5.2.5.3, 5.3.0.0 up to and including 5.3.6.4, 5.4.0.0 up to and including 5.4.2.6, and 5.5.0.0 up to and including 5.5.1.17 allows malici...
Ibm Tivoli Storage Manager Client 5.2
Ibm Tivoli Storage Manager Client 5.2.5.1
Ibm Tivoli Storage Manager Client 5.3.6.3
Ibm Tivoli Storage Manager Client 5.4
Ibm Tivoli Storage Manager Client 5.1.8.0
Ibm Tivoli Storage Manager Client 5.1.8.2
Ibm Tivoli Storage Manager Client 5.3.5.3
Ibm Tivoli Storage Manager Client 5.3.6.4
Ibm Tivoli Storage Manager Express 5.3.3.0
Ibm Tivoli Storage Manager Express 5.3.6.4
Ibm Tivoli Storage Manager Client 5.1
Ibm Tivoli Storage Manager Client 5.3
Ibm Tivoli Storage Manager Client 5.3.5.2
Ibm Tivoli Storage Manager Client 5.4.1.2
Ibm Tivoli Storage Manager Express 5.3
Ibm Tivoli Storage Manager Client 5.2.5.2
Ibm Tivoli Storage Manager Client 5.2.5.3
Ibm Tivoli Storage Manager Client 5.4.1.1
Ibm Tivoli Storage Manager Client 5.4.1.96
6.1
CVSSv3
CVE-2016-1318
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote malicious users to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489.
Cisco Application Policy Infrastructure Controller Enterprise Module 1.1 Base
6.1
CVSSv3
CVE-2016-7103
Cross-site scripting (XSS) vulnerability in jQuery UI prior to 1.12.0 might allow remote malicious users to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Jqueryui Jquery Ui
Oracle Weblogic Server 12.1.3.0.0
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Hospitality Cruise Fleet Management 9.0.11
Oracle Application Express
Oracle Primavera Unifier
Oracle Siebel Ui Framework
Oracle Oss Support Tools
Oracle Oss Support Tools 2.12.42
Fedoraproject Fedora 30
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Snapcenter -
Redhat Openstack 7.0
Redhat Openstack 9
Redhat Openstack 8
Juniper Junos 21.2
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 prior to 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
Ckeditor Ckeditor
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Application Express
Oracle Banking Party Management 2.7.0
Oracle Commerce Merchandising 11.1.0
Oracle Commerce Merchandising 11.2.0
Oracle Commerce Merchandising
Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Analytical Applications Infrastructure 8.1.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1
Oracle Financial Services Model Management And Governance
Oracle Jd Edwards Enterpriseone Tools
Oracle Siebel Ui Framework
Oracle Webcenter Sites 12.2.1.3.0
Oracle Webcenter Sites 12.2.1.4.0
7.5
CVSSv3
CVE-2016-1347
The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 up to and including 15.5 allows remote malicious users to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.
Cisco Ios 15.2(4)m7
Cisco Ios 15.4(3)m2
Cisco Ios 15.4(2)t1
Cisco Ios 15.4(1)t2
Cisco Ios 15.1(4)gc2
Cisco Ios 15.4(2)t2
Cisco Ios 15.5(2)t3
Cisco Ios 15.4(3)m3
Cisco Ios 15.4(2)t3
Cisco Ios 15.5(3)m
Cisco Ios 15.5(2)t1
Cisco Ios 15.5(2)t2
Cisco Ios 15.4(3)m
Cisco Ios 15.4(3)m1
Cisco Ios 15.4(2)t
Cisco Ios 15.4(2)t4
Cisco Ios 15.4(1)t
Cisco Ios 15.4(1)t1
Cisco Ios 15.3(3)m3
Cisco Ios 15.3(3)m4
Cisco Ios 15.3(3)m6
Cisco Ios 15.3(3)m
5.4
CVSSv3
CVE-2021-37695
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could ...
Ckeditor Ckeditor
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Financial Services Analytical Applications Infrastructure 8.0.3
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Commerce Merchandising 11.3.2
Oracle Jd Edwards Enterpriseone Tools
Oracle Documaker 12.6.3
Oracle Documaker 12.6.4
Oracle Financial Services Model Management And Governance
Oracle Banking Party Management 2.7.0
Oracle Financial Services Analytical Applications Infrastructure
Oracle Application Express