Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
coresecurity.com vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-42383
Core Security Technologies Advisory - The TestLink Test Management and Execution System suffers from cross site scripting and remote SQL injection vulnerabilities. Versions below 1.8.5 are affected.
NA
CVE-2018-101643
TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities.
8.8
CVSSv3
CVE-2018-10166
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an malicious user to submit authenticated requests when an authenticated user browses an attack-contr...
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
5.4
CVSSv3
CVE-2018-10164
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated malicious users to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is...
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
5.4
CVSSv3
CVE-2018-10165
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated malicious users to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality....
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
7.5
CVSSv3
CVE-2018-10167
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify t...
Tp-link Eap Controller 2.6.0
Tp-link Eap Controller 2.5.4
NA
CVE-2008-0196
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and previous versions allow remote malicious users to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as de...
Wordpress Wordpress
NA
CVE-2009-13573
Core Security Technologies Advisory - An HTTP Response Splitting vulnerability has been discovered in Sun Java System Delegated Administrator.
NA
CVE-2007-5268
pngrtran.c in libpng prior to 1.0.29 and 1.2.x prior to 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote malicious users to cause a denial of service (crash) via a crafted PNG image.
Libpng Libpng
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 7.04
NA
CVE-2007-5269
Certain chunk handlers in libpng prior to 1.0.29 and 1.2.x prior to 1.2.21 allow remote malicious users to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT...
Libpng Libpng 1.0.28
Libpng Libpng
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »