Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

arbitrary vulnerabilities and exploits

(subscribe to this query)
6.8
CVSSv2

CVE-2012-2496

A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x prior to 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote malicious users to execute arbitrar...
Cisco Anyconnect Secure Mobility Client 3.0
4.3
CVSSv2

CVE-2012-2495

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x prior to 3.0 MR8 and Cisco Secure Desktop prior to 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote malicious users to forc...
Cisco Anyconnect Secure Mobility Client 3.0Cisco Secure DesktopCisco Secure Desktop 3.1Cisco Secure Desktop 3.1.1Cisco Secure Desktop 3.1.1.27Cisco Secure Desktop 3.1.1.33Cisco Secure Desktop 3.1.1.45Cisco Secure Desktop 3.2Cisco Secure Desktop 3.2.1Cisco Secure Desktop 3.3Cisco Secure Desktop 3.4Cisco Secure Desktop 3.4.1
9.3
CVSSv2

CVE-2012-4655

The WebLaunch feature in Cisco Secure Desktop prior to 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote malicious users to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSC...
Cisco Secure Desktop 3.1Cisco Secure Desktop 3.1.1Cisco Secure Desktop 3.1.1.27Cisco Secure Desktop 3.1.1.33Cisco Secure Desktop 3.1.1.45Cisco Secure Desktop 3.2Cisco Secure Desktop 3.2.1Cisco Secure Desktop 3.3Cisco Secure Desktop 3.4Cisco Secure Desktop 3.4.1Cisco Secure Desktop 3.4.2Cisco Secure Desktop 3.4.2048
9.3
CVSSv2

CVE-2012-2493

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x prior to 2.5 MR6 on Windows, and 2.x prior to 2.5 MR6 and 3.x prior to 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader ...
Cisco Anyconnect Secure Mobility Client 2.0Cisco Anyconnect Secure Mobility Client 2.1Cisco Anyconnect Secure Mobility Client 2.2Cisco Anyconnect Secure Mobility Client 2.2.128Cisco Anyconnect Secure Mobility Client 2.2.133Cisco Anyconnect Secure Mobility Client 2.2.136Cisco Anyconnect Secure Mobility Client 2.2.140Cisco Anyconnect Secure Mobility Client 2.3Cisco Anyconnect Secure Mobility Client 2.3.185Cisco Anyconnect Secure Mobility Client 2.3.254Cisco Anyconnect Secure Mobility Client 2.3.2016Cisco Anyconnect Secure Mobility Client 2.4
4.3
CVSSv2

CVE-2012-2494

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x prior to 2.5 MR6 and 3.x prior to 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote malicious users to fo...
Cisco Anyconnect Secure Mobility Client 2.0Cisco Anyconnect Secure Mobility Client 2.1Cisco Anyconnect Secure Mobility Client 2.2Cisco Anyconnect Secure Mobility Client 2.2.128Cisco Anyconnect Secure Mobility Client 2.2.133Cisco Anyconnect Secure Mobility Client 2.2.136Cisco Anyconnect Secure Mobility Client 2.2.140Cisco Anyconnect Secure Mobility Client 2.3Cisco Anyconnect Secure Mobility Client 2.3.185Cisco Anyconnect Secure Mobility Client 2.3.254Cisco Anyconnect Secure Mobility Client 2.3.2016Cisco Anyconnect Secure Mobility Client 2.4
9.3
CVSSv2

CVE-2013-1169

Cisco Unified MeetingPlace Web Conferencing Server 7.x prior to 7.1MR1 Patch 2, 8.0 prior to 8.0MR1 Patch 2, and 8.5 prior to 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote malicious users to impersonate users via a craf...
Cisco Unified Meetingplace Web Conferencing Server 7.1Cisco Unified Meetingplace Web Conferencing Server 8.0Cisco Unified Meetingplace Web Conferencing Server 8.5
7.6
CVSSv2

CVE-2013-1168

The web server in Cisco Unified MeetingPlace Application Server 7.x prior to 7.1MR1 Patch 2, 8.0 prior to 8.0MR1 Patch 1, and 8.5 prior to 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote malicious users to hijack sessions by lev...
Cisco Unified Meetingplace 7.0Cisco Unified Meetingplace 7.0.1Cisco Unified Meetingplace 7.0.2Cisco Unified Meetingplace 7.0.3Cisco Unified Meetingplace 7.1Cisco Unified Meetingplace 8.0Cisco Unified Meetingplace 8.5Cisco Unified Meetingplace 8.5.1Cisco Unified Meetingplace 8.5.2Cisco Unified Meetingplace 8.5.3
8.1
CVSSv3

CVE-2017-9805

The REST Plugin in Apache Struts 2.1.1 up to and including 2.3.x prior to 2.3.34 and 2.5.x prior to 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Apache StrutsCisco Digital Media Manager -Cisco Hosted Collaboration Solution 10.5(1)Cisco Hosted Collaboration Solution 11.0(1)Cisco Hosted Collaboration Solution 11.5(1)Cisco Hosted Collaboration Solution 11.6(1)Cisco Media Experience Engine 3.5Cisco Media Experience Engine 3.5.2Cisco Network Performance Analysis -Cisco Video Distribution Suite For Internet Streaming -Netapp Oncommand Balance -
8.8
CVSSv3

CVE-2018-12519

An issue exists in ShopNx through 2017-11-17. The vulnerability allows a remote malicious user to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.
Codenx Shopnx
9.8
CVSSv3

CVE-2021-3378

FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
Fortilogger Fortilogger
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
path traversalCVE-2025-2657CVE-2025-30066CVE-2025-24813apache commons vfsCVE-2025-2478validationCVE-2025-2674code injectionmedical card generation systemmicrosoft edge (chromium-based)CVE-2025-2688cicadascms
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook