Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
che-chun kuo vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-1306
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote malicious user to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this ...
Apache Pluto 3.0.0
1 EDB exploit
1 Github repository
7.2
CVSSv3
CVE-2018-1321
An administrator with report and template entitlements in Apache Syncope 1.2.x prior to 1.2.11, 2.0.x prior to 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited...
Apache Syncope 1.0.8
Apache Syncope 1.1.0
Apache Syncope 1.1.7
Apache Syncope 1.2.0
Apache Syncope 1.0.0
Apache Syncope 1.0.4
Apache Syncope 1.0.5
Apache Syncope 1.0.6
Apache Syncope
Apache Syncope 1.1.1
Apache Syncope 1.1.2
Apache Syncope 1.1.3
Apache Syncope 1.1.4
Apache Syncope 1.1.5
Apache Syncope 1.0.7
Apache Syncope 1.0.9
Apache Syncope 1.1.6
Apache Syncope 1.1.8
1 EDB exploit
4.9
CVSSv3
CVE-2018-1322
An administrator with user search entitlements in Apache Syncope 1.2.x prior to 1.2.11, 2.0.x prior to 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
Apache Syncope
Apache Syncope 1.1.4
Apache Syncope 1.1.5
Apache Syncope 1.1.6
Apache Syncope 1.1.7
Apache Syncope 1.0.5
Apache Syncope 1.0.7
Apache Syncope 1.0.6
Apache Syncope 1.0.8
Apache Syncope 1.0.0
Apache Syncope 1.0.4
Apache Syncope 1.0.9
Apache Syncope 1.1.1
Apache Syncope 1.1.3
Apache Syncope 1.1.8
Apache Syncope 1.0.3
Apache Syncope 1.1.0
Apache Syncope 1.1.2
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started